ABSTRACT

The use of information networks for business and government is expanding enormously. Government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by networking also raises new concerns for the security and privacy of networked information. This Office of Technology Assessment (OTA) report was requested by the Senate Committee on Governmental Affairs and the House Subcommittee on Telecommunications and Finance. The report begins with background information and an overview of the current situation, a statement of the problems involved in safeguarding unclassified networked information, and a summary of policy issues and options. The major part of the report is then devoted to detailed discussions of policy issues in three areas: (1) cryptography policy, including federal information processing standards and export controls; (2) guidance on safeguarding unclassified information in federal agencies; and (3) legal issues and information security, including electronic commerce, privacy, and intellectual property. Appendices include Congressional letters of request; the Computer Security Act and related documents; evolution of the digital signature standard; and lists of workshop participants, reviewers, and other contributors. An index is provided. A separately published eight-page OTA Report Summary is included.
Foreword

Information networks are changing the way we do business, educate our children, deliver government services, and dispense health care. Information technologies are intruding in our lives in both positive and negative ways. On the positive side, they provide windows to rich information resources throughout the world. They provide instantaneous communication of information that can be shared with all who are connected to the network. The more businesses and government depend on networked computer information, the more vulnerable we are to having private and confidential information fall into the hands of the unintended or unauthorized person. Thus appropriate institutional and technological safeguards are required for a broad range of personal, copyrighted, sensitive, or proprietary information. Otherwise, concerns for the security and privacy of networked information may limit the usefulness and acceptance of the global information infrastructure.

This report was prepared in response to a request by the Senate Committee on Governmental Affairs and the House Subcommittee on Telecommunications and Finance. The report focuses on policy issues in three areas: 1) national cryptography policy, including federal information processing standards and export controls; 2) guidance on safeguarding unclassified information in federal agencies; and 3) legal issues and information security, including electronic commerce, privacy, and intellectual property.

OTA appreciates the participation of the many individuals without whose help this report would not have been possible. OTA received valuable assistance from members of the study's advisory panel and participants at four workshops, as well as a broad range of individuals from government, academia, and industry. OTA also appreciates the cooperation of the General Accounting Office and the Congressional Research Service during the course of this assessment. The report itself, however, is the sole responsibility of OTA.
Introduction and Policy Summary

The technology used in daily life is changing. Information technologies are transforming the ways we create, gather, process, and share information. Computer networking is driving many of these changes; electronic transactions and records are becoming central to everything from commerce to health care. The explosive growth of the Internet exemplifies this transition to a networked society. According to the Internet Society, the number of Internet users has doubled each year; this rapid rate of growth increased further during the first half of 1994. By July 1994, the Internet linked over 3 million host computers worldwide; 2 million of these Internet hosts are in the United States.[1] Including users who connect to the Internet via public and private messaging services, some 20 to 30 million people worldwide can exchange messages over the Internet.
OVERVIEW

The use of information networks for business is expanding enormously.[2] The average number of electronic point-of-sale transactions in the United States went from 38 per day in 1985 to 1.2 million per day in 1993.[3] An average $800 billion is transferred among partners in international currency markets every day; about $1 trillion is transferred daily among U.S. banks; and an average $2 trillion worth of securities are traded daily in New York markets.[4] Nearly all of these financial transactions pass over information networks.

[1] Data on Internet size and growth from the Internet Society, press release, Aug. 4, 1994. The Internet originated in the Department of Defense's ARPANET in the early 1970s. By 1982, the TCP/IP protocols developed for ARPANET were a military standard and there were about 100 computers on the ARPANET. Twelve years later, the Internet links host computers in more than 75 countries via a network of separately administered networks.

[2] See U.S. Congress, Office of Technology Assessment, Electronic Enterprises: Looking to the Future, OTA-TCT-600 (Washington, DC: U.S. Government Printing Office, May 1994).

Government use of networks features prominently in plans to make government more efficient, effective, and responsive.[5] Securing the financial and other resources necessary to successfully deploy information safeguards can be difficult for agencies, however. Facing pressures to cut costs and protect information assets, some federal-agency managers have been reluctant to connect their computer systems and networks with other agencies, let alone with networks outside government.[6] Worse, if agencies were to "rush headlong" onto networks such as the Internet, without careful planning, understanding security concerns, and adequate personnel training, the prospect of plagiarism, fraud, corruption or loss of data, and improper use of networked information could affect the privacy, well-being, and livelihoods of millions of people.[7]

In its agency audits and evaluations, the General Accounting Office (GAO) identified several recent instances of information-security and privacy problems:

■ In November 1988, a virus caused thousands of computers on the Internet to shut down. The virus's primary impact was lost processing time on infected computers and lost staff time in putting the computers back on line. Related dollar losses are estimated to be between $100,000 and $10 million. The virus took advantage of UNIX's trusted-host features to propagate among accounts on trusted machines. (U.S. General Accounting Office, Computer Security: Virus Highlights Need for Improved Internet Management, GAO/IMTEC-89-57 (Washington, DC: U.S. Government Printing Office, June 1989).)

■ Between April 1990 and May 1991, hackers penetrated computer systems at 34 Department of Defense sites by weaving their way through university, government, and commercial systems on the Internet. The hackers exploited a security hole in the Trivial File Transfer Protocol, which allowed users on the Internet to access a file containing encrypted passwords without logging onto the system. (U.S. General Accounting Office, Computer Security: Hackers Penetrate DOD Computer Systems, GAO/IMTEC-92-5 (Washington, DC: U.S. Government Printing Office, November 1991).)

■ Authorized users of the Federal Bureau of Investigation's National Crime Information Center misused the network's information. Such misuse included using the information to, for example, determine whether friends, neighbors, or relatives had criminal records, or inquire about backgrounds for political purposes. (U.S. General Accounting Office, National Crime Information Center: Legislation Needed To Deter Misuse of Criminal Justice Information, GAO/T-GGD-93-41 (Washington, DC: U.S. Government Printing Office, July 1993).)

■ In October 1992, the Internal Revenue Service's (IRS's) internal auditors identified 368 employees who had used the IRS's Integrated Data Retrieval System without management knowledge, for non-business purposes. Some of these employees had used the system to issue fraudulent refunds or browse taxpayer accounts that were unrelated to their work, including those of friends, neighbors, relatives, and celebrities. (U.S. General Accounting Office, IRS Information Systems: Weaknesses Increase Risk of Fraud and Impair Reliability of Management Information, GAO/AIMD-93-34 (Washington, DC: U.S. Government Printing Office, September 1993).)[8]

[3] Electronic Funds Transfer Association, Herndon, VA. Based on data supplied by Bank Network News and POS News.

[4] Joel Kurtzman, The Death of Money (New York, NY: Simon & Schuster, 1993).

[5] See The National Information Infrastructure: Agenda for Action, Information Infrastructure Task Force, Sept. 15, 1993; and Reengineering Through Information Technology, Accompanying Report of the National Performance Review (Washington, DC: Office of the Vice President, 1994). See also U.S. Congress, Office of Technology Assessment, Making Government Work: Electronic Delivery of Federal Services, OTA-TCT-578 (Washington, DC: U.S. Government Printing Office, September 1993).

[6] This was one finding from a series of agency visits made by the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the National Security Agency (NSA) in 1991 and 1992. The visits were made as part of the implementation of the Computer Security Act of 1987 and the revision of the security sections of OMB Circular A-130 (see ch. 4). See Office of Management and Budget, "Observations of Agency Computer Security Practices and Implementation of OMB Bulletin No. 90-08," February 1993.

[7] See F. Lynn McNulty, Associate Director for Computer Security, National Institute of Standards and Technology, "Security on the Internet," testimony presented before the Subcommittee on Science, Committee on Science, Space, and Technology, U.S. House of Representatives, Mar. 22, 1994, p. 8.

More recent events have continued to spur government and private-sector interest in information security:

■ A series of hacker attacks on military computers connected to the Internet has prompted the Defense Information Systems Agency to tighten security policies and procedures in the defense information infrastructure. The hackers, operating within the United States and abroad, have reportedly penetrated hundreds of sensitive, but unclassified, military and government computer systems. The break-ins have increased significantly since February 1994, when the Computer Emergency Response Team first warned that unknown intruders were gathering Internet passwords by using what are called sniffer programs. The sniffer programs operate surreptitiously, capturing authorized users' logins and passwords for later use by intruders. The number of captured passwords in this series of attacks has been estimated at a million or more, potentially threatening all the host computers on the Internet — and their users.[9]

The Networked Society

The transformation being brought about by networking brings with it new concerns for the security and privacy of networked information. If these concerns are not properly resolved, they threaten to limit networking's full potential, in terms of both participation and usefulness. Thus, information safeguards are achieving new prominence.[10] Whether for use in government or the private sector, appropriate information safeguards must account for — and anticipate — technical, institutional, and social developments that increasingly shift responsibility for safeguarding information to the end users.

Key developments include the following:

■ There has been an overall movement to distributed computing. Computing power used to be concentrated in a mainframe with "dumb" desktop terminals. Mainframes, computer workstations, and personal computers are increasingly connected to other computers through direct connections such as local- or wide-area networks, or through modem connections via telephone lines. Distributed computing is relatively informal and bottom up; systems administration may be less rigorous as it is decentralized.

■ Open systems allow interoperability among products from different vendors. Open systems shift more of the responsibility for information security from individual vendors to the market as a whole.

■ Boundaries between types of information are blurring. As the number of interconnected computers and users expands, telephone conversations, video segments, and computer data are merging to become simply digital information, at the disposal of the user.

■ The number and variety of service providers has increased. A decade after the divestiture of AT&T, the market is now divided among many local-exchange and long-distance carriers, cellular carriers, satellite service providers, value-added carriers, and others. Traditional providers are also entering new businesses: telephone companies are testing video services; some cable television companies are providing telephone and Internet services; Internet providers can deliver facsimile and video information; electric utilities are seeking to enter the communications business.

■ Lower costs have moved computing from the hands of experts. Diverse users operate personal computers and can also have access to modems, encryption tools, and information stored in remote computers. This can empower individuals who might otherwise be isolated by disabilities, distance, or time. Lower cost computing also means that businesses rely more on electronic information and information transfer. But, lower cost computing also empowers those who might intrude into personal information, or criminals who might seek to profit from exploiting the technology. Potential intruders can operate from anywhere in the world if they can find a vulnerability in the network.

■ Computer networks allow more interactivity. Online newspapers and magazines allow readers to send back comments and questions to reporters; online discussion groups allow widely dispersed individuals to discuss diverse issues; pay-per-view television allows viewers to select what they want to see. Consequently, providers must consider new responsibilities — such as protecting customer privacy[11] — resulting from interactivity.

■ Information technology has done more than make it possible to do things faster or easier — electronic commerce has transformed and created industries. Successful companies depend on the ability to identify and contact potential customers; customer buying habits and market trends are increasingly valuable as businesses try to maximize their returns. Manufacturing is becoming increasingly dependent on receiving and making shipments "just in time" and no earlier or later to reduce inventories. Documents critical to business transactions — including electronic funds — are increasingly stored and transferred over computer networks.

■ Electronic information has opened new questions about copyright, ownership, and responsibility for information. Rights in paper-based and oral information have been developed through centuries of adaptation and legal precedents. Information in electronic form can be created, distributed, and used very differently than its paper-based counterparts, however.

■ Measures to streamline operations through use of information technology and networks require careful attention to technical and institutional safeguards. For example, combining personal records into a central database, in order to improve data processing efficiency, can put privacy at risk if adequate safeguards are not also implemented. In addition, many types of information safeguards are still relatively new, and methods to balance risks and the costs of protecting information are not fully developed.

[8] Examples provided by Hazel Edwards, Director, General Government Information Systems, U.S. General Accounting Office, personal communication, May 5, 1994.

[9] See Elizabeth Sikorovsky, "Rome Lab Hacker Arrested After Lengthy Invasion," Federal Computer Week, July 18, 1994, p. 22; Peter H. Lewis, "Hackers on Internet Posing Security Risks, Experts Say," The New York Times, July 21, 1994, pp. 1, B10; Bob Brewin, "DOD To Brief White House on Hacker Attacks," Federal Computer Week, July 25, 1994, pp. 1, 4.

[10] In this report, OTA often uses the term "safeguard," as in information safeguards or to safeguard information. This is to avoid misunderstandings regarding use of the term "security," which some readers may interpret in terms of classified information, or as excluding measures to protect personal privacy. In its discussion of information safeguards, this report focuses on technical and institutional measures to ensure the confidentiality and integrity of the information and the authenticity of its origin.

[11] In this report, OTA uses the term confidentiality to refer to disclosure of information only to authorized individuals, entities, and so forth. Privacy refers to the social balance between an individual's right to keep information confidential and the societal benefit derived from sharing information, and how this balance is codified to give individuals the means to control personal information. The terms are not mutually exclusive: safeguards that help ensure confidentiality of information can be used to protect personal privacy.

Distributed computing and open systems can make every user essentially an "insider." This means that responsibility for safeguarding information becomes distributed as well, potentially putting the system at greater risk. With the rapid changes in the industry, the responsibilities of each network provider to other providers and to customers may not be as clear as in the past. Even though each player may be highly trusted, the overall level of trust in the network necessarily decreases, unless the accountability of each of the many intermediaries is very strict. Thus, users must take responsibility for safeguarding information, rather than relying on intermediaries to provide adequate protection.

Background of the OTA Assessment

In May 1993, Senator William V. Roth, Jr., Ranking Minority Member of the Senate Committee on Governmental Affairs, requested that the Office of Technology Assessment (OTA) study the changing needs for protecting (unclassified) information and for protecting the privacy of individuals, given the increased connectivity of information systems within and outside government and the growth in federal support for large-scale networks. Senator Roth requested that OTA assess the need for new or updated federal computer-security guidelines and federal computer-security and encryption standards. Senator John Glenn, Chairman of the Senate Committee on Governmental Affairs, joined in the request, noting that it is incumbent on Congress to be informed and ready to develop any needed legislative solutions for these emerging information-security and privacy issues. Congressman Edward J. Markey, Chairman of the House Subcommittee on Telecommunications and Finance, also joined in endorsing the study (see request letters in appendix A). After consultation with requesting staff, OTA prepared a proposal for an expedited study; the proposal was approved by the Technology Assessment Board in June 1993.

Figure: The Clipper chip.

This report focuses on safeguarding unclassified information in networks, not on the security or survivability of networks themselves, or on the reliability of network services to ensure information access. The report also does not focus on "computer crime" per se (a forthcoming OTA study, Information Technologies for Control of Money Laundering, focuses on financial crimes). This study was done at the unclassified level. Project staff did not receive or use any classified information during the course of the study.

The widespread attention to and the significance of the Clinton Administration's escrowed-encryption initiative resulted in an increased focus on the processes that the government uses to regulate cryptography and to develop federal information processing standards (the FIPS) based on cryptography. Cryptography is a fundamental technology for protecting the confidentiality of information, as well as for checking its integrity and authenticating its origin.

Cryptography was originally used to protect the confidentiality of communications, through encryption; it is now also used to protect the confidentiality of information stored in electronic form and to protect the integrity and authenticity of both transmitted and stored information. With the advent of what are called public-key techniques, cryptography came into use for digital signatures that are of widespread interest as a means for electronically authenticating and signing commercial transactions like purchase orders, tax returns, and funds transfers, as well as for ensuring that unauthorized changes or errors are detected. These functions are critical for electronic commerce. Techniques based on cryptography can also help manage copyrighted material and ensure its proper use.

This study builds on the previous OTA study of computer and communications security, Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, OTA-CIT-310 (Washington, DC: U.S. Government Printing Office, October 1987). The 1987 study focused on security for unclassified information within relatively closed networks. Since then, new information security and privacy issues have resulted from advances in networking, such as the widespread use of the Internet and development of the information infrastructure, and from the prospect of networking as a critical component of private and public-sector functions. These advances require appropriate institutional and technological safeguards for handling a broad range of personal, copyrighted, sensitive, and proprietary information. This study also builds on intellectual-property work in Finding a Balance: Computer Software, Intellectual Property, and the Challenge of Technological Change, OTA-TCT-527 (Washington, DC: U.S. Government Printing Office, May 1992); the analysis of issues related to digital libraries and other networked information resources in Accessibility and Integrity of Networked Information Collections, BP-TCT-109 (Washington, DC: OTA, August 1993); and the analysis of privacy issues in Protecting Privacy in Computerized Medical Information, OTA-TCT-576 (Washington, DC: U.S. Government Printing Office, September 1993).



In addition to meetings and interviews with experts and stakeholders in government, the private sector, and academia, OTA broadened participation through the study's advisory panel and through four project workshops (see list of workshop participants in appendix D). The advisory panel met in April 1994 to discuss a draft of the report and advise the project staff on revisions and additions. To gather expertise and perspectives from throughout OTA, a "shadow panel" of 11 OTA colleagues met with project staff as needed to discuss the scope and subject matter of the report.

At several points during the study, OTA staff met formally and informally with officials and staff of the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). Individuals from these agencies, as well as from the Office of Management and Budget (OMB), the Office of Science and Technology Policy, the Department of Justice, the Federal Bureau of Investigation, the General Services Administration, the Patent and Trademark Office, the Copyright Office, the General Accounting Office, and several mission agencies, were among the workshop participants and were invited to review a draft of the report (see list of reviewers who provided comments in appendix E).

SAFEGUARDING NETWORKED INFORMATION

The information infrastructure is already international: networks like the Internet seamlessly cross national borders. Networked information is similarly borderless. Achieving consensus regarding information safeguards among the diverse stakeholders worldwide is more difficult than solving many technical problems that might arise. The federal government can help resolve many of these interrelated issues. But they must be solved systematically, not piecemeal, in order to attain an overall solution.

This report focuses on policy issues and options regarding cryptography policy, guidance on safeguarding information in federal agencies, and legal issues of electronic commerce, personal privacy, and copyright. These policy issues and options are summarized in the next section of this chapter. The remainder of this section summarizes other findings regarding the development and deployment of safeguard technologies (for a detailed discussion, see chapter 2).

The fast-changing and competitive marketplace that produced the Internet and a strong networking and software industry in the United States has not consistently produced products equipped with affordable, easily used safeguards. In general, many individual products and techniques are currently available to adequately safeguard specific information networks — provided the user knows what to purchase, and can afford and correctly use the product. Nevertheless, better and more affordable products are needed. In particular, there is a need for products that integrate security features with other functions for use in electronic commerce, electronic mail, or other applications.

More study is needed to fully understand vendors' responsibilities with respect to software and hardware product quality and liability. More study is also needed to understand the effects of export controls on the domestic and global markets for information safeguards and on the ability of safeguard developers and vendors to produce more affordable products. Broader efforts to safeguard networked information will be frustrated unless cryptography-policy issues are resolved (see chapter 4).

A public-key infrastructure (PKI) is a critical underpinning for electronic commerce and transactions. The establishment of a system of certification authorities and legal standards, in turn, is essential to the development of a public-key infrastructure and to safeguarding business and personal transactions. Current PKI proposals need further development and review, however, before they can be deployed successfully.
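An added illustration, not part of the OTA report, of the two points made above: the digital-signature functions described in the cryptography discussion (a signed purchase order whose alteration, or whose signing by the wrong key, is detected) and the name-to-key binding that the certification authorities of a PKI would supply. It assumes Ed25519 from Go's standard library; the Registry type (a hypothetical stand-in for certification), the party names and the order text are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signer holds one trading partner's key pair. The private key stays with the
// signer; only the public key is published to the registry below.
type Signer struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 key pair for a named party.
func NewSigner(name string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Name: name, pub: pub, priv: priv}, nil
}

// PublicKey returns the verification key that a certificate or registry
// would bind to this party's name.
func (s *Signer) PublicKey() ed25519.PublicKey { return s.pub }

// SignedOrder is a purchase order, the name the signer claims, and the
// signature over the order's exact bytes.
type SignedOrder struct {
	Signer    string
	Order     []byte
	Signature []byte
}

// Sign signs the order bytes with the party's private key.
func (s *Signer) Sign(order []byte) SignedOrder {
	return SignedOrder{Signer: s.Name, Order: order, Signature: ed25519.Sign(s.priv, order)}
}

// Registry maps a party name to its public key. This is a hypothetical
// simplification of what a certification authority provides in a PKI.
type Registry map[string]ed25519.PublicKey

var (
	ErrUnknownSigner = errors.New("signer not in registry")
	ErrBadSignature  = errors.New("signature does not match order or signer")
)

// Verify accepts an order only if the claimed signer is registered and the
// signature checks under that signer's public key. A changed byte in the
// order, a changed byte in the signature, or a signature made with some
// other party's key all fail, so both integrity and origin are checked.
func (r Registry) Verify(so SignedOrder) error {
	pub, ok := r[so.Signer]
	if !ok {
		return ErrUnknownSigner
	}
	if !ed25519.Verify(pub, so.Order, so.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Alter returns a copy in which one substring of the order text is replaced
// but the original signature is kept: what an in-transit change or a
// transcription error looks like to the recipient.
func Alter(so SignedOrder, old, new string) SignedOrder {
	so.Order = bytes.Replace(so.Order, []byte(old), []byte(new), 1)
	return so
}

func main() {
	buyer, _ := NewSigner("Acme Purchasing")
	outsider, _ := NewSigner("Outsider")
	reg := Registry{buyer.Name: buyer.PublicKey()}

	// Constructed sample order; any change to these bytes must be detected.
	order := []byte("PO-1001: 100 units of part 7731 at $12.50 each")
	so := buyer.Sign(order)

	fmt.Println("genuine order:     ", reg.Verify(so))
	fmt.Println("quantity altered:  ", reg.Verify(Alter(so, "100 units", "1000 units")))
	fmt.Println("unregistered party:", reg.Verify(outsider.Sign(order)))

	// An outsider signing with its own key but claiming the buyer's name.
	forged := outsider.Sign(order)
	forged.Signer = buyer.Name
	fmt.Println("forged origin:     ", reg.Verify(forged))
}
```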

Ideally, the safeguards an organization implements to protect networked information should reflect the organization's overall objectives. In practice, this is often not the case. Network designers must continuously struggle to balance utility, cost, and security. Information can never be absolutely secured, so safeguarding information is not so much an issue of how to secure information as one of how much security a government agency or business can justify.

There is a great need for federal agencies, as well as other organizations, to develop more robust security policies that match the reality of modern information networks. These policies should support the specific agency objectives and interests, including but not limited to policies regarding private information. The policies must also anticipate a future where more information may be shared among agencies. Finally, these policies should be mandated from the highest level.

The single most important step toward implementing proper safeguards for networked information in a federal agency or other organization is for its top management to define the organization's overall objectives and a security policy to reflect those objectives. Only top management can consolidate the consensus and apply the resources necessary to effectively protect networked information. For the federal government, this means guidance from OMB, commitment from top agency management, and oversight by Congress.

Both risk analysis and principles of due care need further development. Neither approach is necessarily always appropriate and therefore neither is always sufficient to provide a strong defense against liability in the case of a monetary loss related to loss, theft, or exposure of networked information. A combination of the two approaches will likely provide improved protection. Before formal models can be successful for safeguarding the exchange of information among government agencies or other organizations, the entities must first review and coordinate their information-security policies. These policies can then be implemented according to new or existing formal models as needed. OTA found in its interviews, however, that while exploration into new types of formal models may be warranted, there is considerable doubt about the utility of formal models for safeguarding networked information, particularly to protect the integrity and availability of information.

The federal government's trusted product evaluation process is not, and will not soon be, effective for delivering products that adequately protect unclassified information in network environments. Alternatives to that approach appear promising, however, including (but not limited to) NIST's Trusted Technology Assessment Program. Generally Accepted System Security Principles (GSSP) also have strategic importance for establishing due care guidelines for cost-justifying safeguards, as targets for training and professional programs, and as targets for insurance coverage. The current federal effort in GSSP will not produce immediate results, but the effort is overdue and OTA found wide support for its mission. Efforts to "professionalize" the information security field are important, but will not produce significant results for some time. Success depends significantly upon the success of Generally Accepted System Security Principles and their adoption in industry and government.

Emergency response efforts are vital to safeguarding networked information, due to the relative lack of shared information about vulnerabilities on information networks. Expanding current efforts could further improve the coordination of system administrators and managers charged with protecting networked information.

Criminal and civil sanctions constitute only 
one aspect of safeguarding networked informa- 
tion. Further study is needed to determine the ef- 
fectiveness of such sanctions, as opposed to 
improving the effectiveness of law enforcement to 
act on existing laws. With the rapid expansion of 
the networked society, there is a great need to sup- 
port reevaluation of fundamental ethical prin- 
ciples — work that is currently receiving too little 
attention. More resources also could be applied to 
study and improve the methods and materials used 
in education of ethical use of networked informa- 
tion, so that more effective packages are available 
to schools and organizations that train users. Fi- 
nally, more resources could also be directly ap- 
plied to educate users (including federal 



employees, students, and the public at large) about 
ethical behavior. 

POLICY ISSUES AND OPTIONS 

This report focuses on policy issues in three areas: 
1) national cryptography policy, including federal 
information processing standards and export con- 
trols; 2) guidance on safeguarding unclassified in- 
formation in federal agencies; and 3) legal issues 
and information security, including electronic 
commerce, privacy, and intellectual property. 
Chapter 4 discusses cryptography policy and 
guidance on safeguarding information in federal 
agencies. It examines the current public contro- 
versies regarding the Clinton Administration's es- 
crowed-encryption initiative and the development 
of new federal information processing standards 
based on cryptography. Because the Computer Se- 
curity Act of 1987 (Public Law 100-235) is signif- 
icant for both development of the FIPS and 
agency guidance on safeguarding information, 
chapter 4 also examines the act in some depth, in- 
cluding the continuing controversies concerning 
its implementation and the working relationship 
between NIST and NSA. 

Chapter 3 examines legal issues including: dis- 
cussion of nonrepudiation services and digital sig- 
natures for electronic commerce; the Privacy Act 
of 1974 and the implications for the United States 
of privacy initiatives in the European Union; and 
copyright for networked information and multi- 
media works. 

National Cryptography Policy 

The federal government faces a fundamental ten- 
sion between two important policy objectives: 1) 
fostering the development and widespread use of 
cost-effective information safeguards, and 2) con- 
trolling the proliferation of safeguard technolo- 
gies that can impair U.S. signals-intelligence and 
law-enforcement capabilities. This tension runs 
throughout the government's activities as a devel- 
oper, user, and regulator of safeguard technolo- 
gies. This tension is manifested in concerns over 
the proliferation of cryptography that could im- 
pair U.S. signals intelligence and law enforce- 
ment, and in the resulting struggle to control 
cryptography through use of federal standards and 
export controls. 

Despite the growth in nongovernmental cryp- 
tographic research and safeguard development 
over the past 20 years, the federal government still 
has the most expertise in cryptography. 12 There- 
fore, the federal information processing standards 
developed by NIST substantially influence the de- 
velopment and use of safeguards based on cryp- 
tography in the private sector as well as in 
government. 13 The nongovernmental market for 
cryptography-based products has grown in the last 
20 years or so, but is still developing. Export con- 
trols also have substantial significance for the de- 
velopment and use of these technologies. 
Therefore, Congress's choices in setting national 
cryptography policies (including standards and 
export controls) affect information security and 
privacy in society as a whole. 

Cryptography has become a technology of 
broad application; thus, decisions about cryptog- 
raphy policy have increasingly broad effects on 
society. The effects of policies about cryptogra- 
phy are not limited to technological developments 
in cryptography, or even to the health and vitality 
of companies that produce or use products incor- 
porating cryptography. Instead, these policies will 
increasingly affect the everyday lives of most 
Americans: cryptography will be used to help en- 
sure the confidentiality and integrity of health re- 
cords and tax returns; it will help speed the way to 



electronic commerce; and it will help manage 
copyrighted material in electronic form. 

Policy debate over cryptography used to be as 
arcane as the technology itself. Most people didn't 
regard government decisions about cryptography 
as directly affecting their lives. However, as the 
communications technologies used in daily life 
have changed, concern over the implications of 
privacy and security policies dominated by na- 
tional security objectives has grown dramatically, 
particularly in business and academic communi- 
ties that produce or use information safeguards, 
but among the general public as well. This con- 
cern is reflected in the ongoing debates over key- 
escrow encryption and the government's 
Escrowed Encryption Standard (EES). 14 

Previously, control of the availability and use 
of cryptography was presented as a national-secu- 
rity issue focused outward, with the intention of 
maintaining a U.S. technological lead over other 
countries. Now, with an increasing policy focus 
on domestic crime and terrorism, the availability 
and use of cryptography has also come into promi- 
nence as a domestic-security, law-enforcement 
issue. More widespread foreign use of cryptogra- 
phy — including use by terrorists and developing 
countries — makes U.S. signals intelligence more 
difficult. Within the United States, cryptography 
is increasingly portrayed as a threat to domestic 
security (public safety) and a barrier to law en- 
forcement if it is readily available for use by ter- 
rorists or criminals. There is also growing 



12 The governmental monopoly on cryptography has been eroding. Over the past three decades, the government's struggle for control has 
been exacerbated by technological advances in computing and microelectronics that have made inexpensive cryptography potentially ubiqui- 
tous, and by increasing private-sector capabilities in cryptography (as evidenced by independent development of commercial, public-key en- 
cryption systems). These developments have made possible the increasing reliance on digital communications and information processing for 
commercial transactions and operations in the public and private sectors. Together, they have enabled and supported a growing industry seg- 
ment offering a variety of hardware- and software-based information safeguards based on cryptography. 

13 With respect to information safeguards based on cryptography, national-security concerns shape the safeguard standards (i.e., the FIPS) 
available to agencies for safeguarding unclassified information. Therefore, these concerns also affect civilian agencies that are usually not 
thought of in conjunction with national security. 

14 The EES is intended for use in safeguarding voice, facsimile, or computer data communicated in a telephone system. The Clipper chip is 
designed for use in telephone systems; it contains the EES encryption algorithm, called SKIPJACK. The Clipper chip is being used in the AT&T 
Surity Telephone Device 3600, which has a retail price of about $1,100. 
recognition of the potential misuses of cryptogra- 
phy, such as by disgruntled employees as a means 
to sabotage an employer's databases. Thus, export 
controls, intended to restrict the international 
availability of U.S. cryptography technology and 
products, are now being joined with domestic 
cryptography initiatives intended to preserve U.S. 
law-enforcement and signals-intelligence capa- 
bilities. 

Federal Information Processing Standards 
Based on Cryptography 

The Escrowed Encryption Standard has been pro- 
mulgated by the Clinton Administration as a vol- 
untary alternative to the original federal 
encryption standard used to safeguard unclassi- 
fied information, the Data Encryption Standard 
(DES). A key-escrowing scheme is built in to en- 
sure lawfully authorized electronic surveillance 
when key-escrow encryption is used (see box 2-7 
and box 4-2). The federal Digital Signature Stan- 
dard (DSS) uses a public-key signature technique 
but does not offer public-key encryption or key- 
management functions (see box 4-4). Therefore, 
it cannot support secure exchange of cryptograph- 
ic keys for use with the DES or other encryption 
algorithms. 

In OTA's view, both the EES and the DSS are 
federal standards that are part of a long-term con- 
trol strategy intended to retard the general avail- 
ability of "unbreakable" or "hard to break" 
cryptography within the United States, for reasons 
of national security and law enforcement. It ap- 
pears that the EES is intended to complement the 
DSS in this overall encryption-control strategy, by 



discouraging future development and use of en- 
cryption without built-in law enforcement access, 
in favor of key-escrow encryption and related 
technologies. Wide use of the EES and related 
technologies could ultimately reduce the variety 
of other cryptography products through market 
dominance that makes the other products more 
scarce or more costly. 

Concerns over the proliferation of encryption 
that have shaped and/or retarded federal standards 
development have complicated federal agencies' 
technological choices. For example, as appendix 
C explains, national security concerns regarding 
the increasingly widespread availability of robust 
encryption — and, more recently, patent prob- 
lems — contributed to the extraordinarily lengthy 
development of a federal standard for digital sig- 
natures: NIST first published a solicitation for 
public-key cryptographic algorithms in 1982, and 
the DSS was finally approved in May 1994. 

Public-key cryptography can be used for digital 
signatures, for encryption, and for secure distribu- 
tion or exchange of cryptographic keys. The DSS 
is intended to supplant, at least in part, the demand 
for other public-key cryptography by providing a 
method for generating and verifying digital signa- 
tures. However, while the DSS algorithm is a pub- 
lic-key signature algorithm, it is not a public-key 
encryption algorithm (see box 4-4). That means, 
for example, that it cannot be used to securely dis- 
tribute "secret" encryption keys, such as those 
used with the DES algorithm (see figure 2-4). 
Some sort of interoperable (i.e., standardized) 
method for secure key exchange is still needed. 15 
As this report was completed, the DSS had been 



15 One public-key algorithm that can be used for key distribution is the "RSA" algorithm; the RSA algorithm can encrypt. The RSA system 
was proposed in 1978 by Ronald Rivest, Adi Shamir, and Leonard Adleman. The Diffie-Hellman technique is another method for key genera- 
tion and exchange; it does not encrypt (see figure 2-5). 
issued, but there was no FIPS for public-key key 
exchange. 16 
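The key-exchange gap described above, as an added example that is not from the OTA report: a Diffie-Hellman agreement (the technique named in footnote 15) between two parties, with the agreed number hashed into an 8-byte key of the kind a DES implementation would take. The toy group parameters, the party names, the range check on received public values and the SHA-256 derivation are assumptions of this example, not anything the report specifies.

```python
"""Diffie-Hellman key agreement beside a signature-only standard.

A signature algorithm such as the DSS can prove who sent a message but
produces no shared secret, so it cannot deliver a DES key to the other
side.  A public-key key exchange can.  This file walks through one such
exchange with constructed toy parameters.
"""
import hashlib
import secrets

# Constructed toy group (an assumption of this example): p = 2**127 - 1 is a
# Mersenne prime, g = 5.  Far too small for real use, where standardized
# groups of 2048 bits or more are expected.
P = 2**127 - 1
G = 5


def is_valid_public_value(y, p=P):
    """True if y is a usable peer value: 0, 1 and p-1 force the shared
    secret into a tiny set regardless of the private exponent."""
    return 1 < y < p - 1


class DHParty:
    """One side of a Diffie-Hellman exchange (hypothetical helper)."""

    def __init__(self, p=P, g=G):
        self.p, self.g = p, g
        # Private exponent x, uniformly random in [2, p-2]; never sent.
        self.x = secrets.randbelow(p - 3) + 2
        # Public value y = g^x mod p: the only thing that crosses the network.
        self.public = pow(g, self.x, p)

    def shared_secret(self, peer_public):
        """Compute (g^x_peer)^x mod p from the peer's public value."""
        if not is_valid_public_value(peer_public, self.p):
            raise ValueError("peer public value out of range")
        return pow(peer_public, self.x, self.p)


def derive_des_key(shared_secret, p=P):
    """Turn the agreed integer into 8 key bytes for a DES-style cipher.

    Diffie-Hellman yields only a shared number and encrypts nothing by
    itself (footnote 15); hashing it gives uniform key bytes.  SHA-256 as
    the derivation function is an assumption of this example.
    """
    nbytes = (p.bit_length() + 7) // 8
    digest = hashlib.sha256(shared_secret.to_bytes(nbytes, "big")).digest()
    return digest[:8]


def run_exchange():
    """Both halves of the exchange; returns the two independently derived keys.

    Note what is missing: nothing here binds a public value to a sender.
    That binding is exactly what a signature (the DSS's job) supplies when
    applied to the exchanged values, which is why both kinds of standard
    are needed together.
    """
    alice, bob = DHParty(), DHParty()
    # Only alice.public and bob.public are exchanged over the wire.
    key_a = derive_des_key(alice.shared_secret(bob.public))
    key_b = derive_des_key(bob.shared_secret(alice.public))
    return key_a, key_b


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("keys agree:", ka == kb, ka.hex())
```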

The lengthy evolution of the DSS meant that 
federal agencies had begun to look to commercial 
products (e.g., based on the Rivest-Shamir-Adle- 
man, or RSA, system) to meet immediate needs for 
digital signature technology. The introduction of 
the EES additionally complicates agencies' tech- 
nological choices, in that the EES and related gov- 
ernment key-escrowing techniques (e.g., for data 
communication or file encryption) may not be- 
come popular in the private sector for some time, 
if at all. As this report was finalized, the EES has 
not yet been embraced within government and is 
largely unpopular outside of government. There- 
fore, agencies may need to support multiple en- 
cryption technologies both for transactions (i.e., 
signatures) and for communications (i.e., encryp- 
tion, key exchange) with each other, with the pub- 
lic, and with the private sector. 

In July 1994, Vice President Al Gore indicated 
the Clinton Administration's willingness to ex- 
plore industry alternatives for key-escrow encryp- 
tion, including techniques based on unclassified 
algorithms or implemented in software. 17 These 
alternatives would be used to safeguard informa- 
tion in computer networks and video networks; 
the EES and Clipper chip would be retained for 
telephony. Whether the fruits of this exploration 
result in increased acceptance of key-escrow en- 
cryption within the United States and abroad will 
not be evident for some time. 



U.S. Export Controls on Cryptography 

The United States has two regulatory regimes for 
exports, depending on whether the item to be ex- 
ported is military in nature, or is "dual-use," hav- 
ing both civilian and military uses. These regimes 
are administered by the State Department and the 
Commerce Department, respectively. Both re- 
gimes provide export controls on selected goods 
or technologies for reasons of national security or 
foreign policy. Licenses are required to export 
products, services, or scientific and technical data 
originating in the United States, or to re-export 
these from another country. Licensing require- 
ments vary according to the nature of the item to 
be exported, the end use, the end user, and, in some 
cases, the intended destination. For many items, 
no specific approval is required and a "general li- 
cense" applies (e.g., when the item in question is 
not military or dual-use and/or is widely available 
from foreign sources). In other cases, an export 
license must be applied for from either the State 
Department or the Commerce Department, de- 
pending on the nature of the item. In general, the 
State Department's licensing requirements are 
more stringent and broader in scope. 18 

Software and hardware for robust, user-con- 
trolled encryption are under State Department 
control, unless State grants jurisdiction to Com- 
merce. This has become increasingly controver- 
sial, especially for the information technology and 
software industries. The impact of export controls 



16 Two implementations of the EES encryption algorithm that are used in data communications— the Capstone chip and the TESSERA 
card— do contain a public-key Key Exchange Algorithm (KEA). The Capstone chip is used for data communications and contains the EES 
algorithm (called SKIPJACK), as well as digital-signature and key-exchange functions. TESSERA is a PCMCIA card that contains a Capstone 
chip. However, at this writing, the Key Exchange Algorithm is not part of any FIPS. Therefore, organizations that do not use Capstone or 
TESSERA still need to select a secure and interoperable form of key distribution. 

17 Vice President Al Gore, letter to Representative Maria Cantwell, July 20, 1994. See also Neil Munro, "The Key to Clipper Available to the 
World," Washington Technology, July 28, 1994, pp. 1, 18. 

18 For a comparison of the two export-control regimes, see U.S. General Accounting Office, Export Controls: Issues in Removing Militarily 
Sensitive Items from the Munitions List, GAO/NSIAD-93-67 (Washington, DC: U.S. Government Printing Office, March 1993), especially pp. 
10-18. 
on the overall cost and availability of safeguards is 
especially troublesome to business and industry at 
a time when U.S. high-technology firms find 
themselves as targets for sophisticated foreign-in- 
telligence attacks and thus have urgent need for 
sophisticated safeguards that can be used in opera- 
tions worldwide. 19 Moreover, software producers 
assert that several other countries do have more re- 
laxed export controls on cryptography. 

On the other hand, U.S. export controls may 
have substantially slowed the proliferation of 
cryptography to foreign adversaries over the 
years. Unfortunately, there is little public explana- 
tion regarding the degree of success of these ex- 
port controls and the necessity for maintaining 
strict controls on strong cryptography in the face 
of foreign supply and networks like the Internet 
that seamlessly cross national boundaries. (See 
the OTA report Export Controls and Nonprolifer- 
ation Policy, OTA-ISS-596, May 1994, for a gen- 
eral discussion of the costs and benefits of export 
controls on dual-use goods.) 

New licensing procedures were expected to ap- 
pear in the Federal Register in summer 1994; they 
had not appeared by the time this report was com- 
pleted. Changes were expected to include license 
reform measures to reduce the need to obtain indi- 
vidual licenses for each end user, rapid review of 
export license applications, personal-use exemp- 
tions for U.S. citizens temporarily taking encryp- 
tion products abroad for their own use, and special 
licensing arrangements allowing export of key-es- 
crow encryption products (e.g., EES products) to 
most end users. 20 The Secretary of State has asked 
encryption-product manufacturers to evaluate the 



impact of these reforms over the next year and pro- 
vide feedback on how well they have worked, as 
well as recommendations for additional procedur- 
al reforms. 

In the 103d Congress, legislation intended to 
streamline export controls and ease restrictions on 
mass-market computer software, hardware, and 
technology, including certain encryption soft- 
ware, was introduced by Representative Maria 
Cantwell (H.R. 3627) and Senator Patty Murray 
(S. 1846). In considering the Omnibus Export Ad- 
ministration Act (H.R. 3937), the House Commit- 
tee on Foreign Affairs reported a version of the bill 
in which most computer software (including soft- 
ware with encryption capabilities) was under 
Commerce Department controls and in which ex- 
port restrictions for mass-market software with 
encryption were eased. 21 In its report, the House 
Permanent Select Committee on Intelligence 
struck out this portion of the bill and replaced it 
with a new section calling for the President to re- 
port to Congress within 150 days of enactment, re- 
garding the current and future international 
market for software with encryption and the eco- 
nomic impact of U.S. export controls on the U.S. 
computer software industry. 22 

At this writing, the omnibus export administra- 
tion legislation was still pending. Both the House 
and Senate bills contained language calling for the 
Clinton Administration to conduct comprehen- 
sive studies on the international market and avail- 
ability of encryption technologies and the 
economic effects of U.S. export controls. In his 
July 20, 1994 letter to Representative Cantwell, 



19 The Threat of Foreign Economic Espionage to U.S. Corporations, Hearings Before the Subcommittee on Economic and Commercial 
Law, House Committee on the Judiciary, Serial No. 65, 102d Cong., 2d sess., Apr. 29 and May 7, 1992. 

20 Rose Biancaniello, Office of Defense Trade Controls, Bureau of Political-Military Affairs, U.S. Department of State, personal commu- 
nication, May 24, 1994. 

21 U.S. Congress, House of Representatives, Omnibus Export Administration Act of 1994, H. Rept. 103-531, 103d Cong., 2d sess., Parts 1 
(Committee on Foreign Affairs, May 25, 1994), 2 (Permanent Select Committee on Intelligence, June 16, 1994), 3 (Committee on Ways and 
Means, June 7, 1994), and 4 (Committee on Armed Services, June 17, 1994) (Washington, DC: U.S. Government Printing Office, 1994); and 
H.R. 4663 (Omnibus Export Administration Act of 1994, June 28, 1994). For the cryptography provisions, see Omnibus Export Administration 
Act of 1994, Part 1, pp. 57-58 (H.R. 3937, sec. 117(c)(1)-(4)). 

22 Omnibus Export Administration Act of 1994, Part 2, pp. 1-5 (H.R. 3937, sec. 117(c)(1)-(3)). 
Vice President Gore assured her that the "best 
available resources of the federal government" 
would be used in conducting these studies and that 
the Clinton Administration will "reassess our ex- 
isting export controls based on the results of these 
studies." 23 

Implementation of the Computer 
Security Act of 1987 

The Computer Security Act of 1987 is fundamen- 
tal to development of federal standards for safe- 
guarding unclassified information, balancing 
national-security and other objectives in imple- 
menting security and privacy policies within the 
federal government, and issues concerning gov- 
ernment control of cryptography. Moreover, re- 
view of the controversies and debate surrounding 
the act — and subsequent controversies over its 
implementation — provides background for un- 
derstanding current issues concerning the EES 
and the DSS. 

The Computer Security Act of 1987 (see text in 
appendix B) was a legislative response to overlap- 
ping responsibilities for computer security among 
several federal agencies, heightened awareness of 
computer security issues, and concern over how 
best to control information in computerized or 
networked form. The act established a federal 
government computer-security program that 
would protect all sensitive, but unclassified, in- 
formation in federal government computer sys- 
tems and would develop standards and guidelines 
to facilitate such protection. Specifically, the 
Computer Security Act assigned responsibility 
for developing government-wide, computer-sys- 
tem security standards and guidelines and securi- 
ty-training programs to the National Bureau of 
Standards (now the National Institute of Stan- 
dards and Technology, or NIST). The act also es- 



tablished a Computer System Security and 
Privacy Advisory Board within the Department of 
Commerce, and required Commerce to promul- 
gate regulations based on NIST guidelines. Addi- 
tionally, the act required federal agencies to 
identify computer systems containing sensitive 
information, to develop security plans for identi- 
fied systems, and to provide periodic training in 
computer security for all federal employees and 
contractors who manage, use, or operate federal 
computer systems. 

In its workshops and discussions with federal 
employees and knowledgeable outside observers, 
OTA found that these provisions of the Computer 
Security Act are viewed as generally adequate as 
written, but that their implementation can be prob- 
lematic. OTA found strong sentiment that agen- 
cies follow the rules set forth by the Computer 
Security Act, but not necessarily the full intent of 
the act (also see discussion of OMB Circular 
A-130 below). 

The Computer Security Act gave final author- 
ity for developing government-wide standards 
and guidelines for unclassified, but sensitive, in- 
formation and for developing government-wide 
training programs to NIST (then the National Bu- 
reau of Standards). In carrying out these responsi- 
bilities, NIST can draw on the substantial 
expertise of NSA and other relevant agencies. 

Implementation of the Computer Security Act 
has been especially controversial regarding the 
roles of NIST and NSA in standards development. 
A 1989 memorandum of understanding (MOU) 
between the Director of NIST and the Director of 
NSA established the mechanisms of the working 
relationship between the two agencies in imple- 
menting the act. 24 This memorandum of under- 
standing has been controversial. Observers — 
including OTA — consider that it appears to cede 



23 Vice President Al Gore, op. cit., footnote 17. 

24 Memorandum of Understanding Between the Director of the National Institute of Standards and Technology and the Director of the Na- 
tional Security Agency Concerning the Implementation of Public Law 100-235, Mar. 23, 1989. (See text of MOU in appendix B.) 

to NSA much more authority than the act itself 
had granted or envisioned, especially considering 
the House report accompanying the legislation. 25 
The joint NIST/NSA Technical Working 
Group (TWG) established by the memorandum of 
understanding merits particular attention. The 
MOU authorizes NIST and NSA to establish the 
working group to "review and analyze issues of 
mutual interest pertinent to protection of systems 
that process sensitive or other unclassified in- 
formation." Where the act had envisioned NIST 
calling on NSA's expertise at its discretion, the 
MOU's working-group mechanism involves NSA 
in all NIST activities related to information-secu- 
rity standards and technical guidelines, as well as 
proposed research programs that would support 
them. 

For example, the standards-appeal mechanism 
set forth in the Computer Security Act allowed the 
President to disapprove or modify standards or 
guidelines developed by NIST and promulgated 
by the Secretary of Commerce, if he or she deter- 
mined such an action to be in the public interest. 
Should the President disapprove or modify a stan- 
dard or guideline that he or she determines will not 
serve the public interest, notice must be submitted 
to the House Committee on Government Opera- 
tions and the Senate Committee on Governmental 
Affairs, and must be published promptly in the 
Federal Register. 26 By contrast, interagency dis- 
cussions and negotiations by agency staffs under 
the MOU can result in delay, modification, or 
abandonment of proposed NIST standards activi- 
ties, without notice or the benefit of oversight that 
is required by the appeals mechanism set forth in 
the Computer Security Act. 



Thus, the provisions of the memorandum of 
understanding give NSA power to delay and/or 
appeal any NIST research programs involving 
"technical system security techniques" (such as 
encryption), or other technical activities that 
would support (or could lead to) proposed stan- 
dards or guidelines that NSA would ultimately 
object to. 27 

NIST and NSA disagree with these conclu- 
sions. According to NIST and NSA officials who 
reviewed a draft of this report, NIST has retained 
its full authority in issuing federal information 
processing standards and NSA's role is merely ad- 
visory. In discussions with OTA, officials from 
both agencies maintained that no part of the MOU 
is contrary to the Computer Security Act of 1987, 
and that the controversy and concerns are due to 
"misperceptions." 28 

When OTA inquired about the MOU/TWG ap- 
peals process in particular, officials in both agen- 
cies maintained that the appeals process does not 
conflict with the Computer Security Act of 1987 
because it concerns proposed research and devel- 
opment projects that could lead to future NIST 
standards, not fully developed NIST standards 
submitted to the Secretary of Commerce or the 
President. 29 In discussions with OTA, senior 
NIST and NSA staff stated that the appeals mech- 
anism specified in the Computer Security Act has 
never been used, and pointed to this as evidence of 
how well the NIST/NSA relationship is working 
in implementing the act. 30 In discussions with 
OTA staff regarding a draft of this OTA report, 
Clinton Brooks, Special Assistant to the Director 
of NSA, stated that cryptography presents special 



25 U.S. House of Representatives, Computer Security Act of 1987— Report to Accompany H.R. 145, H. Rept. No. 100-153, Part I (Committee 
on Science, Space, and Technology) and Part II (Committee on Government Operations), 100th Cong., 1st sess., June 11, 1987. 

26 Public Law 100-235, sec. 4. The President cannot delegate authority to disapprove or modify proposed NIST standards. 

27 MOU, op. cit., footnote 24, secs. III(5)-(7). 

28 OTA staff interviews with NIST and NSA officials in October 1993 and January 1994. 

29 OTA staff interviews, ibid. 

30 OTA staff interview with M. Rubin (Deputy Chief Counsel, NIST) on Jan. 13, 1994 and with four NSA representatives on Jan. 19, 1994. 
problems with respect to the Computer Security 
Act, and that if NSA waited until NIST announced 
a proposed standard to voice national security 
concerns, the technology would already be "out" 
via NIST's public standards process. 31 

However, even if implementation of the Com- 
puter Security Act of 1987, as specified in the 
MOU, is satisfactory to both NIST and NSA, this 
is not proof that it meets Congress's expectations 
in enacting that legislation. Moreover, chronic 
public suspicions of and concerns with federal 
safeguard standards and processes are counterpro- 
ductive to federal leadership in promoting respon- 
sible use of safeguards and to public confidence in 
government. 

It may be the case that using two executive 
branch agencies as the means to effect a satisfacto- 
ry balance between national security and other 
public interests in setting safeguard standards will 
inevitably be limited, due to intrabranch coordina- 
tion mechanisms in the National Security Council 
and other bodies. These natural coordination 
mechanisms will determine the balance between 
national-security interests, law-enforcement in- 
terests, and other aspects of the public interest. 
The process by which the executive branch 
chooses this balancing point may inevitably be 
obscure outside the executive branch. (For exam- 
ple, the Clinton Administration's recent cryptog- 
raphy policy study is classified, with no public 
summary.) 

Public visibility into the decision process is 
only through its manifestations in a FIPS, in ex- 
port policies and procedures, and so forth. When 
the consequences of these decisions are viewed by 
many of the public as not meeting important 
needs, or when the government's preferred techni- 
cal "solution" is not considered acceptable, a lack 
of visibility, credible explanation, and/or useful 
alternatives fosters mistrust and frustration. 

Technological variety — having a number of al- 
ternatives to choose from — is important in meet- 
ing the needs of a diversity of individuals and 



communities. Sometimes federal safeguard stan- 
dards are accepted as having broad applicability. 
But it is not clear that the government can — or 
should — develop all-purpose technical safeguard 
standards, or that the safeguard technologies be- 
ing issued as FIPS can be made to meet the range 
of user needs. More open processes for determin- 
ing how safeguard technologies are to be devel- 
oped and/or deployed throughout society can 
better ensure that a variety of user needs are met 
equitably. If it is in the public interest to provide a 
wider range of technical choices than those pro- 
vided by government-specified technologies (i.e., 
the FIPS), then vigorous academic and private- 
sector capabilities in safeguard technologies are 
required. 

More open policies and processes can be used to increase equity and acceptance in implementing cryptography and other technologies. The current controversies over cryptography can be characterized in terms of tensions between the government and individuals. They center on the issue of trust in government. Trust is a particular issue in cases like cryptography, when national-security concerns restrict the equal sharing of information between the government and the public. Government initiatives of broad public application, formulated in secret and executed without legislation, naturally give rise to concerns over their intent and application. The process by which the EES was selected and approved was closed to those outside the executive branch. Furthermore, the institutional and procedural means by which key-escrow encryption is being deployed (such as the escrow-management procedures) continue to be developed in a closed forum.

The Clinton Administration made a start at working more closely and more openly with industry through a "Key Escrow Encryption Workshop" held at NIST on June 10, 1994. The workshop was attended by representatives of many of the leading computer hardware and software companies, as well as attendees from government and academia. The proposed action plan subsequent to the NIST workshop called for the establishment of joint industry-government working groups (with NIST leadership) to: evaluate all known key-escrowing proposals according to criteria jointly developed by government and industry, hold a public seminar/workshop to discuss and document the results of this analysis, and prepare a report to be used as the basis for subsequent discussions between government officials and the private sector. Based on the discussion and industry presentations at the meeting, there was increasing interest in exploring "other" approaches to key-escrow encryption that can be implemented in software, rather than just in hardware.

Clinton Brooks, Special Assistant to the Director, NSA, personal communication, May 25, 1994.

On July 20, 1994, acknowledging industry's concerns regarding encryption and export policy, Vice President Gore sent a letter to Representative Cantwell that announced a "new phase" of cooperation among government, industry, and privacy advocates. This will include working with industry to explore alternative types of key-escrow encryption, such as those based on unclassified algorithms or implemented in software; escrow-system safeguards, use of nongovernmental key-escrow agents, and liability issues will also be explored. This is in the context of computer and video networks, not telephony; the present EES (e.g., in the Clipper chip) would still be used for telephone systems.

Congressional Review of Cryptography Policy

Congress has vital, strategic roles in cryptography policy and, more generally, in safeguarding information and protecting personal privacy in a networked society. Recognizing the importance of the technology and the policies that govern its development, dissemination, and use, Congress has asked the National Research Council (NRC) to conduct a major study that would support a broad review of cryptography.

The results of the NRC study are expected to be available in 1996. But, given the speed with which the Clinton Administration is acting, information to support a congressional policy review of cryptography is out of phase with the government's implementation of key-escrow encryption. Therefore:

OPTION: Congress could consider placing a hold on further deployment of key-escrow encryption, pending a congressional policy review.



An important outcome of a broad review of national cryptography policy would be the development of more open processes to determine how cryptography will be deployed throughout society. This deployment includes development of the public-key infrastructures and certification authorities that will support electronic delivery of government services, copyright management, and digital commerce.

More open processes would build trust and confidence in government operations and leadership. More openness would allow diverse stakeholders to understand how their views and concerns were being balanced with those of others, in establishing an equitable deployment of these technologies, even when some of the specifics of the technology remain classified. (See also the policy section below on safeguarding information in federal agencies.) More open processes would also allow for public consensus-building, providing better information for use in congressional oversight of agency activities. Toward these ends:

OPTION: Congress could address the extent to which the current working relationship between NIST and NSA will be a satisfactory part of this open process, or the extent to which the current arrangements should be reevaluated and revised.



Another important outcome of a broad policy review would be a clarification of national information-policy principles in the face of technological change:

OPTION: Congress could state its policy as to when the impacts of a technology (like cryptography) are so powerful and pervasive that legislation is needed to provide sufficient public visibility and accountability for government actions.



For example, many of the concerns surrounding the Escrowed Encryption Standard and the Clinton Administration's escrowed-encryption initiative, in general, focus on whether key-escrow encryption will become mandatory for government agencies or the private sector, if nonescrowed encryption will be banned, and/or if these actions could be taken without legislation. Other concerns focus on whether or not alternative forms of encryption would be available that would allow private individuals and organizations the option of depositing keys (or not) with one or more third-party trustees — at their discretion. 32

The National Research Council study should be valuable in helping Congress to understand the broad range of technical and institutional alternatives available for various types of trusteeships for cryptographic keys, "digital powers of attorney," and the like. However, if implementation of the EES and related technologies continues at the current pace, key-escrow encryption may already be embedded in information systems before Congress can act on the NRC report.

As part of a broad national cryptography policy, Congress may wish to periodically examine export controls on cryptography, to ensure that these continue to reflect an appropriate balance between the needs of signals intelligence and law enforcement and the needs of the public and business communities. This examination would take into account changes in foreign capabilities and foreign availability of cryptographic technologies. Information from industry on the results of licensing reforms and the executive branch study of the encryption market and export controls that was included in the 1994 export-administration legislation should provide some near-term information.

However, the scope and methodology of the export-control studies that Congress might wish to use in the future may differ from these. Therefore:

OPTION: Congress might wish to assess the validity and effectiveness of the Clinton Administration's studies of export controls on cryptography by conducting oversight hearings, by undertaking a staff analysis, or by requesting a study from the Congressional Budget Office.

Congressional Responses to Escrowed-Encryption Initiatives

Congress also has a more near-term role to play in determining the extent to which — and how — the EES and other escrowed-encryption systems will be deployed in the United States. These actions can be taken within a long-term, strategic framework. Congressional oversight of the effectiveness of policy measures and controls can allow Congress to revisit these issues as needed, or as the consequences of previous decisions become more apparent.

The Escrowed Encryption Standard (Clipper) was issued as a voluntary FIPS; use of the EES by the private sector is also voluntary. The Clinton Administration has stated that it has no plans to make escrowed encryption mandatory, or to ban other forms of encryption. But, absent legislation, these intentions are not binding for future administrations and also leave open the question of what will happen if the EES and related technologies do not prove acceptable to the private sector. Moreover, the executive branch may soon be using the EES and/or related escrowed-encryption technologies to safeguard — among other things — large volumes of private information about individuals (e.g., taxpayer data, health-care information, and so forth).

32 There are reasons why organizations and individuals might want the option of placing copies of cryptographic keys with third-party trustees or custodians of their own choosing. For example, there is growing recognition of the problems that could occur if cryptography is used in corporations without adequate key management and without override capabilities by responsible corporate officers. These problems could include data being rendered inaccessible after having been encrypted by employees who subsequently leave the company (or die).

For these reasons, the EES and other key-escrowing initiatives are by no means only an executive branch concern. The EES and any subsequent escrowed-encryption standards also warrant congressional attention because of the public funds that will be spent in deploying them. Moreover, negative public perceptions of the EES and the processes by which encryption standards are developed and deployed may erode public confidence and trust in government and, consequently, the effectiveness of federal leadership in promoting responsible safeguard use.

In responding to current escrowed-encryption initiatives like the EES, and in determining the extent to which appropriated funds should be used in implementing key-escrow encryption and related technologies:

OPTION: Congress could address the appropriate locations of the key-escrow agents, particularly for federal agencies, before additional investments are made in staff and facilities for them. Public acceptance of key-escrow encryption might be improved — but not assured — by an escrowing system that used separation of powers to reduce perceptions of the potential for misuse.



With respect to current escrowed-encryption initiatives like the EES, as well as any subsequent key-escrow encryption initiatives, and in determining the extent to which appropriated funds should be used in implementing key-escrow encryption and related technologies:

OPTION: Congress could address the issue of criminal penalties for misuse and unauthorized disclosure of escrowed key components.

OPTION: Congress could consider allowing damages to be awarded for individuals or organizations who were harmed by misuse or unauthorized disclosure of escrowed key components.
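The options above turn on escrowed key components being held by separate agents, so that no single custodian can recover a key alone; the EES does this by splitting each chip's unit key into two components, one per agent, recombined by exclusive-or. As an added example, not taken from the OTA report or from any escrow system it describes, the following Go program shows the mechanism such a separation of powers relies on, generalized to any number of custodians and any quorum: a key is split with Shamir's threshold scheme over GF(2^8) so that k of n holders can reconstruct it while any k-1 of them learn nothing. The key bytes and the 3-of-5 parameters are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
)

// gfMul multiplies in GF(2^8) using the AES reducing polynomial x^8+x^4+x^3+x+1.
func gfMul(a, b byte) byte {
	var p byte
	for ; b != 0; b >>= 1 {
		p ^= a & -(b & 1)       // add a when the low bit of b is set
		a = a<<1 ^ 0x1b&-(a>>7) // multiply a by x, reducing if the top bit was set
	}
	return p
}

// gfInv finds a^-1 by search; the field has 255 nonzero elements and a is never 0 here.
func gfInv(a byte) (x byte) {
	for x = 1; gfMul(a, x) != 1; x++ {
	}
	return x
}

// Share is one custodian's component: index X (never 0, since x=0 holds the
// secret) and one polynomial evaluation per key byte.
type Share struct {
	X byte
	Y []byte
}

// Split divides key among n custodians so that any k can recover it: each key
// byte becomes the constant term of a fresh random degree-(k-1) polynomial.
func Split(key []byte, k, n int) ([]Share, error) {
	if k < 1 || n < k || n > 255 {
		return nil, errors.New("need 1 <= k <= n <= 255")
	}
	shares := make([]Share, n)
	for i := range shares {
		shares[i] = Share{X: byte(i + 1), Y: make([]byte, len(key))}
	}
	coef := make([]byte, k)
	for j, kb := range key {
		coef[0] = kb
		if _, err := rand.Read(coef[1:]); err != nil {
			return nil, err
		}
		for i := range shares {
			var y byte // Horner evaluation of the polynomial at x = shares[i].X
			for c := k - 1; c >= 0; c-- {
				y = gfMul(y, shares[i].X) ^ coef[c]
			}
			shares[i].Y[j] = y
		}
	}
	return shares, nil
}

// Combine interpolates the polynomial at x = 0 (Lagrange). Fewer than k shares
// still yield bytes, but ones unrelated to the key: below the threshold the
// custodians learn nothing, and nothing in the arithmetic tells them so.
func Combine(shares []Share) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no shares")
	}
	m, seen := len(shares[0].Y), map[byte]bool{}
	for _, s := range shares {
		if s.X == 0 || seen[s.X] || len(s.Y) != m {
			return nil, errors.New("invalid or duplicate share")
		}
		seen[s.X] = true
	}
	out := make([]byte, m)
	for j := range out {
		for i, si := range shares {
			num, den := byte(1), byte(1) // basis_i(0) = prod x_l / (x_l - x_i); "-" is XOR here
			for l, sl := range shares {
				if l != i {
					num, den = gfMul(num, sl.X), gfMul(den, sl.X^si.X)
				}
			}
			out[j] ^= gfMul(si.Y[j], gfMul(num, gfInv(den)))
		}
	}
	return out, nil
}

// Demo splits a constructed 16-byte key 3-of-5 and reports whether the
// threshold holds: three custodians recover it, two do not.
func Demo() bool {
	key := []byte("constructed-key!") // constructed sample value, not a real key
	shares, err := Split(key, 3, 5)
	if err != nil {
		return false
	}
	full, _ := Combine([]Share{shares[0], shares[2], shares[4]})
	partial, _ := Combine(shares[:2])
	return bytes.Equal(full, key) && !bytes.Equal(partial, key)
}
```

Two custodians colluding get bytes that look like any other random value, which is the technical content of "separation of powers" here; the remaining questions the options raise (where the agents sit, and what happens to a custodian who releases a component improperly) are institutional rather than arithmetic, since the scheme itself cannot tell a legitimate quorum from a colluding one.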

Safeguarding Information in Federal Agencies

Congress has an even more direct role in establishing the policy guidance within which federal agencies safeguard information, and in oversight of agency and OMB measures to implement information security and privacy requirements. The Office of Management and Budget is responsible for developing and implementing government-wide policies for information resource management; for overseeing the development and promoting the use of government information-management principles, standards, and guidelines; and for evaluating the adequacy and efficiency of agency information-management practices. Information-security managers in federal agencies must compete for resources and support to properly implement needed safeguards. In order for their efforts to succeed, both OMB and top agency management must fully support investments in cost-effective safeguards. Given the expected increase in interagency sharing of data, interagency coordination of privacy and security policies is also necessary to ensure uniformly adequate protection.

The forthcoming revision of Appendix III ("Agency Security Plans") of OMB Circular A-130 is central to improved federal information security practices. The revision of Appendix III will take into account the provisions and intent of the Computer Security Act, as well as observations regarding agency security plans and practices that resulted from a series of agency visits made by OMB, NIST, and NSA in 1992. 33 In practice, there are both insufficient incentives for compliance and insufficient sanctions for noncompliance with the spirit of the Computer Security Act. (For example, agencies do develop the required security plans; however, the act does not require agencies to review them periodically or update them as technologies or circumstances change. One result of this is that, "[s]ecurity of systems tends to atrophy over time unless there is a stimulus to remind agencies of its importance." 34 Another result is that agencies may not treat security as an integral component when new systems are being designed and developed.)

The forthcoming revision of Appendix III of OMB Circular A-130 should lead to improved federal information-security practices. According to OMB, the revision of Appendix III will take into account the provisions and intent of the Computer Security Act of 1987, as well as observations regarding agency security plans and practices from agency visits. To the extent that the revised Appendix III facilitates more uniform treatment across agencies, it can also make fulfillment of Computer Security Act and Privacy Act requirements more effective with respect to data sharing and secondary uses.

The revised Appendix III had not been issued by the time this report was completed. Although the Office of Technology Assessment discussed information security and privacy issues with OMB staff during interviews and a December 1993 OTA workshop, OTA did not have access to a draft of the revised security appendix. Therefore, OTA was unable to assess the revision's potential for improving information security in federal agencies, for holding agency managers accountable for security, or for ensuring uniform protection in light of data sharing and secondary uses.



After the revised Appendix III of OMB Circular A-130 is issued:

OPTION: Congress could assess the effectiveness of the OMB's revised guidelines, including improvements in implementing the Computer Security Act's provisions regarding agency security plans and training, in order to determine whether additional statutory requirements or oversight measures are needed.

This might be accomplished by conducting oversight hearings, undertaking a staff analysis, and/or requesting a study from the General Accounting Office. However, the effects of OMB's revised guidance may not be apparent for some time after the revised Appendix III is issued.

Therefore, a few years may pass before GAO is able to report government-wide findings that would be the basis for determining the need for further revision or legislation. In the interim:

OPTION: Congress could gain additional insight through hearings to gauge the reaction of agencies, as well as privacy and security experts from outside government, to OMB's revised guidelines.

Oversight of this sort might be especially valuable for agencies, such as the Internal Revenue Service, that are developing major new information systems.

In the course of its oversight and when considering the direction of any new legislation:

OPTION: Congress could ensure that agencies include explicit provisions for safeguarding information assets in any information-technology planning documents.

OPTION: Congress could ensure that agencies budget sufficient resources to safeguard information assets, whether as a percentage of information-technology modernization and/or operating budgets, or otherwise.

OPTION: Congress could ensure that the Department of Commerce assigns sufficient resources to NIST to support its Computer Security Act responsibilities, as well as NIST's other activities related to safeguarding information and promoting privacy in networks.

33 Office of Management and Budget (in conjunction with NIST and NSA), Observations of Agency Computer Security Practices and Implementation of OMB Bulletin No. 90-08: "Guidance for Preparation of Security Plans for Federal Computer Systems That Contain Sensitive Information," February 1993.

34 Ibid., p. 11.



Regarding NIST's computer-security budget, OTA has not determined the extent to which additional funding is needed, or the extent to which additional funding would improve the overall effectiveness of NIST's information-security activities. However, in staff discussions and workshops, individuals from outside and within government repeatedly noted that NIST's security activities were not proactive and that NIST often lagged in providing useful and needed standards (the FIPS) and guidelines. Many individuals from the private sector felt that NIST's limited resources for security activities precluded NIST from doing work that would also be useful to industry. Additional resources, whether from overall increases in NIST's budget and/or from formation of a new Information Technology Laboratory, could enhance NIST's technical capabilities, enable it to be more proactive, and hence be more useful to federal agencies and to industry.

NIST activities with respect to standards and guidelines related to cryptography are a special case, however. Increased funding alone will not be sufficient to ensure NIST's technological leadership or its fulfillment of the "balancing" role as envisioned by the Computer Security Act of 1987. With respect to cryptography, national-security constraints set forth in executive branch policy directives appear to be binding, implemented through executive branch coordinating mechanisms including those set forth in the NIST/NSA memorandum of understanding. These constraints have resulted, for example, in the closed processes by which the FIPS known as the Escrowed Encryption Standard (Clipper) was developed and implemented. Increased funding could enable NIST to become a more equal partner to NSA, at least in deploying (if not developing) cryptographic standards. But, if NIST/NSA processes and outcomes are to reflect a different balance of national security and other public interests, or more openness, than has been evidenced over the past five years, clear policy guidance and oversight will be needed.

Legal Issues and Information Security

Laws evolve in the context of the mores of the culture, business practices, and technologies of the time. The laws currently governing commercial transactions, data privacy, and intellectual property were largely developed for a time when telegraphs, typewriters, and mimeographs were the commonly used office technologies and business was conducted with paper documents sent by mail. Technologies and business practices have dramatically changed, but the law has been slower to adapt. Computers, electronic networks, and information systems are now used to routinely process, store, and transmit digital data in most commercial fields. Changes in communication and information technologies are particularly significant in three areas: electronic commerce, privacy and transborder data flow, and digital libraries.

Electronic Commerce

As businesses replace conventional paper documents with standardized computer forms, the need arises to secure the transactions and establish means to authenticate and provide nonrepudiation services for electronic transactions, that is, a means to establish authenticity and certify that the transaction was made. Absent a signed paper document on which any nonauthorized changes could be detected, a digital signature to prevent, avoid, or minimize the chance that the electronic document has been altered must be developed. In contrast to the courts' treatment of conventional, paper-based transactions and records, little guidance is offered as to whether a particular safeguard technique, procedure, or practice will provide the requisite assurance of enforceability in electronic form. This lack of guidance concerning security and enforceability is reflected in the diversity of security and authentication practices used by those involved in electronic commerce.
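The paragraph asks of a digital signature that it make unauthorized changes to an electronic document detectable and that it establish who made the transaction. As an added example, not from the OTA report, the following Go program signs a constructed purchase-order record with Ed25519 from Go's standard library and exercises the two checks a relying party makes: the signature verifies over the record exactly as signed and fails once any field is changed, and it fails under a different party's public key, which is what ties the record to its signer. The Order type, its field values, and the length-prefixed canonical encoding are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strconv"
)

// Order is a constructed stand-in for a standardized electronic transaction
// record; the field names and values are assumptions for this example.
type Order struct {
	Buyer, Seller, Item string
	Quantity, UnitCents int
}

// Canonical returns the exact bytes that are signed. Every field is length-
// prefixed, so two different orders can never produce the same bytes (plain
// concatenation would let "qty 1, unit 23" and "qty 12, unit 3" collide).
func (o Order) Canonical() []byte {
	var b []byte
	for _, f := range []string{o.Buyer, o.Seller, o.Item,
		strconv.Itoa(o.Quantity), strconv.Itoa(o.UnitCents)} {
		b = append(b, strconv.Itoa(len(f))...)
		b = append(b, ':')
		b = append(b, f...)
		b = append(b, ',')
	}
	return b
}

// SignOrder produces the signer's Ed25519 signature over the canonical form.
func SignOrder(priv ed25519.PrivateKey, o Order) []byte {
	return ed25519.Sign(priv, o.Canonical())
}

// VerifyOrder succeeds only if sig was made over exactly this order by the
// holder of the private key that matches pub.
func VerifyOrder(pub ed25519.PublicKey, o Order, sig []byte) bool {
	return ed25519.Verify(pub, o.Canonical(), sig)
}

// Result records the three properties the text asks of a digital signature.
type Result struct {
	Authentic      bool // the unaltered order verifies under the signer's key
	TamperDetected bool // changing one field makes verification fail
	WrongSigner    bool // verification under another party's key fails
}

// Scenario signs a constructed order, alters it, and checks it against a
// second, unrelated key pair.
func Scenario() (Result, error) {
	buyerPub, buyerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader) // an unrelated party
	if err != nil {
		return Result{}, err
	}
	order := Order{Buyer: "Acme Corp", Seller: "Widgets Ltd", Item: "M6 bolt", Quantity: 1000, UnitCents: 12}
	sig := SignOrder(buyerPriv, order)
	altered := order
	altered.Quantity = 10000 // an unauthorized change made after signing
	return Result{
		Authentic:      VerifyOrder(buyerPub, order, sig),
		TamperDetected: !VerifyOrder(buyerPub, altered, sig),
		WrongSigner:    !VerifyOrder(otherPub, order, sig),
	}, nil
}

func main() {
	r, err := Scenario()
	fmt.Printf("%+v err=%v\n", r, err)
}
```

The signature covers the canonical bytes, not the struct, so the encoding is part of the security argument: a relying party that reconstructs the bytes differently from the signer will reject a genuine record, and an ambiguous encoding would let two distinct records share one signature. Binding the public key to a real party (the certification authorities mentioned earlier in the report) is a separate step that this example leaves out.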

Legal standards for electronic commercial transactions and digital signatures have not been fully developed, and these issues have undergone little review in the courts. Therefore, action by Congress may not be warranted now. However:

OPTION: Congress could monitor the issue of legal standards for electronic transactions and digital signatures, so that these are considered in future policy decisions about information security.

Protection of Privacy in Data

Since the 1970s, the United States has concentrated its efforts to protect the privacy of personal data collected and archived by the federal government. Rapid development of networks and information processing by computer now makes it possible for large quantities of personal information to be acquired, exchanged, stored, and matched very quickly. As a result, a market for computer-matched personal data has expanded rapidly, and a private-sector information industry has grown around the demand for such data.

Increased computerization and linkage of information maintained by the federal government is arguably not addressed by the Privacy Act, which approaches privacy issues on an agency-by-agency basis. To address these developments:

OPTION: Congress could allow each agency to address privacy concerns individually, through its present system of review boards.

OPTION: Congress could require agencies to improve the existing data integrity boards, with a charter to make clearer policy decisions about sharing information and maintaining its integrity.

OPTION: Congress could amend the existing law to include provisions addressing the sharing and matching of data, or restructure the law overall to track the flow of information between institutions.

OPTION: Congress could provide for public access for individuals to information about themselves, and protocols for amendment and correction of personal information. It could also consider providing for online publication of the Federal Register to improve public notice about information collection and practices.



In deciding between courses of action, Congress could exercise its responsibility for oversight through hearings and/or investigations, gathering information from agency officials involved in privacy issues, as well as citizens, in order to gain a better understanding of what kinds of actions are required to implement better custodianship, a minimum standard of quality for privacy protection, and notice to individuals about use and handling of information.

Although the United States does not comprehensively regulate the creation and use of such data in the private sector, foreign governments (particularly the European Union) do impose controls. The Organization for Economic Cooperation and Development (OECD) adopted guidelines in 1980 to protect the privacy and transborder flows of personal data. The difference between the level of personal privacy protection in the United States and that of its trading partners, who in general more rigorously protect privacy, could inhibit the exchange of data with these countries. U.S. business has some serious concerns about the EU proposal, as it relates to the data subject's consent and the transfer of data to non-EU countries.

In addressing the sufficiency of existing U.S. legal standards for privacy and security in a networked environment for the private sector:

OPTION: Congress could legislate to set standards similar to the OECD guidelines;

or,

OPTION: Congress could allow individual interests, such as the business community, to advise the international community on its own of its interests in data protection policy. However, because the EU's protection scheme could affect U.S. trade in services and could impact upon individuals, Congress may also wish to monitor and consider the requirements of foreign data protection rules as they shape U.S. security and privacy policy to assure that all interests are reflected.

A diversity of interests must be reflected in addressing the problem of maintaining privacy in computerized information — whether in the public or private sector:

OPTION: Congress could establish a Federal Privacy Commission.

Proposals for such a commission or board were discussed by the Office of Technology Assessment in its 1986 study of Electronic Record Systems and Individual Privacy. OTA cited the lack of a federal forum in which the conflicting values at stake in the development of federal electronic systems could be fully debated and resolved. As privacy questions will arise in the domestic arena, as well as internationally, a commission could deal with these as well. Data protection boards have been instituted in several foreign countries, including Sweden, Germany, Luxembourg, France, Norway, Israel, Austria, Iceland, United Kingdom, Finland, Ireland, the Netherlands, Canada, and Australia.

The responsibilities and functions suggested for a privacy commission or data protection board are:

1. to identify privacy concerns, that is, to function essentially as an alarm system for the protection of personal privacy;

2. to carry out oversight to protect the privacy interests of individuals in information-handling activities;

3. to develop and monitor the implementation of appropriate security guidelines and practices for the protection of health care information;

4. to advise and develop regulations appropriate for specific types of information systems;

5. to monitor and evaluate developments in information technology with respect to their implications for personal privacy in information; and

6. to perform a research and reporting function with respect to information privacy issues in the United States.

Debate continues as to whether such a body should serve in a regulatory or advisory capacity. In the 103d Congress, legislation (S. 1735, the Privacy Protection Act) that would establish a Privacy Protection Commission has been introduced.



Protection of Intellectual Property in the Administration of Digital Libraries

The availability of protected intellectual property in networked information collections, such as digital libraries and other digital information banks, is placing a strain on the traditional methods of protection and payment for use of intellectual property. Technologies developed for securing information might hold promise for monitoring the use of protected information, and provide a means for collecting and compensating the owners of intellectual property as well. The application of intellectual-property law to protect works maintained in digital libraries continues to be problematic; traditional copyright concepts such as fair use are not clearly defined as they apply to these works; and the means to monitor compliance with copyright law and to distribute royalties is not yet resolved.

OTA addressed these issues in Finding a Balance: Computer Software, Intellectual Property, and the Challenge of Technological Change, OTA-TCT-527 (Washington, DC: U.S. Government Printing Office, May 1992). The 1992 report included the following options to deal with the issue of fair use of works in electronic form:

■ Congress could clarify the Copyright Act's fair-use guidelines with regard to lending, resource sharing, interlibrary loan, archival and preservation copying, and copying for patron use.

■ Congress could establish legislative guidance regarding fair use of works in electronic form and what constitutes copying, reading, and using;

or,

■ Congress could direct the Copyright Office, with assistance from producers and users of electronic information, to develop and disseminate practical guidelines regarding these issues. 35

With respect to questions raised concerning multimedia works, the 1992 OTA report suggested that:

■ Congress could clarify the status of mixed-media works, with regard to their protection under copyright. 36

During this assessment, OTA found that the widespread development of multimedia authoring tools — integrating film clips, images, music, sound, and other content — raises additional issues pertaining to copyright and royalties.

With respect to copyright for multimedia works:

OPTION: Congress could allow the courts to continue to define the law of copyright as it is applied in the world of electronic information;

or,

OPTION: Congress could take specific legislative action to clarify and further define the copyright law in the world of electronic information.

Instead of waiting for legal precedents to be established or developing new legislation, Congress might try a third approach. This approach would allow producer and user communities to establish common guidelines for use of copyrighted, multimedia works:

OPTION: Congress could allow information providers and purchasers to enter into agreements that would establish community guidelines without having the force of law. In so doing, Congress could decide at some point in the future to review the success of such an approach.

With respect to rights and royalties for copyrighted works:

OPTION: Congress could encourage private efforts to form rights-clearing and royalty-collection agencies for groups of copyright owners.

Alternatively,

OPTION: Congress might allow private-sector development of network tracking and monitoring capabilities to support a fee-for-use basis for copyrighted works in electronic form.

In the latter case, Congress might wish to review whether a fee-for-use basis for copyrighted works in electronic form is workable, from the standpoint of both copyright law and technological capabilities (e.g., Does it serve the fair-use exception? Can network technologies effectively address this question?). This might be accomplished by conducting oversight hearings, undertaking a staff analysis, and/or requesting a study from the Copyright Office.

35 U.S. Congress, Office of Technology Assessment, Finding a Balance: Computer Software, Intellectual Property, and the Challenge of Technological Change, OTA-TCT-527 (Washington, DC: U.S. Government Printing Office, May 1992), p. 35 (options 3.1, 3.2, and 3.3).

36 Ibid., p. 36 (option 3.4).
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Safeguarding 
Networked 
Information 

Networked information is constantly exposed to threats — 
events or agents that have the potential to cause harm to a 
system or information assets. These threats have the po- 
tential to exploit a network's many vulnerabilities — 
weaknesses, or points susceptible to attack. New vulnerabilities 
emerge as systems are built or changed. If these are exploited, 
substantial financial losses and an overall failure to achieve the 
original objectives of the network can result. The true incidence 
rates and losses arising from these threats are unknown, however, 
since they are often not detected, not reported, or require placing a 
monetary value on a relatively intangible loss. Financial institu- 
tions, in particular, are reluctant to report losses to avoid negative 
publicity that might cause more losses or loss of business. Also, 
the probability that particular threats will exploit particular vul- 
nerabilities in a network — the amount of risk — varies from net- 
work to network. 

Although multiple threats often combine to expose a vulner- 
ability, threats to networked information can be loosely grouped 
into the following categories: 

■ Human errors and design faults. The largest source of losses 
is due to unintentional human actions during operations. Some 
experts estimate that over one-half of the total financial and 
productivity losses in information systems is the result of 
human errors, as opposed to intentional and 
malicious acts. 1 These acts include improperly 
installing and managing equipment or soft- 
ware, accidentally erasing files, updating the 
wrong file, transposing numbers, entering in- 
correct information in files, neglecting to 
change a password or back up a hard disk, and 
other acts that cause loss of information, inter- 
ruptions, and so forth. 

Many of these and other circumstances are 
arguably due to faults in design that do not pre- 
vent many common human errors (or other 
threats) from resulting in losses. An unusual 
but legitimate sequence of events also can reveal 
a vulnerability in system design. Such de- 
sign errors may come with off-the-shelf 
software or hardware, or may be built into the 
system by the network managers. 

■ Insiders. Many violations of information safe- 
guards are performed by trusted personnel who 
engage in unauthorized activities or activities 
that exceed their authority. These insiders may 
copy, steal, or sabotage information, yet their 
actions may remain undetected. 2 These indi- 
viduals can hold clearances or other authoriza- 
tions, or may be able to disable network 
operations or otherwise violate safeguards 
through actions that require no special autho- 
rization. 

■ Natural disasters and environmental dam- 
age. Wide-area disasters such as floods, earth- 
quakes, fires, and power failures can destroy 
both the main information facilities as well as 
their backup systems. Broken water lines, un- 
even environmental conditions, and other 
localized threats also produce significant but 
less sensational damage. 

■ "Crackers" and other intruders. A small but 
growing number of violations come from unau- 
thorized "crackers" 3 who may intrude for mon- 
etary gain, for industrial secrets, or for the 
challenge of breaking into or sabotaging the 
system. This group receives the most sensa- 
tional treatment in the press and includes teen- 
agers breaking into remote systems as well as 
professional criminals, industrial spies, or for- 
eign intelligence. 

■ Viruses and other malicious software. Vi- 
ruses, worms, and other malicious software can 
enter a network through borrowed diskettes, 
prepackaged software, and connections to oth- 
er networks. 4 These hazards could also be a re- 
sult of human error (negligence), insiders, or 
intruders. 

SAFEGUARDS FOR 
NETWORKED INFORMATION 

Federal agencies and other organizations use safe- 
guards — countermeasures — that eliminate spe- 
cific vulnerabilities or otherwise render a threat 
impotent, thereby protecting the organizations' 
information assets. In this report, security is used 
generally to describe the protection against disclo- 



1 This is consistent with other areas of engineering as well; notable examples include the Chernobyl nuclear disaster, the Bhopal chemical 
plant disaster, and the Exxon Valdez oil spill. Charles Cresson Wood and William W. Banks, "Human Error: An Overlooked but Significant 
Information Security Problem," Computers and Security, vol. 12, No. 1, pp. 51-60. Another analysis of information systems conducted over 12 
years in 2,000 organizations found human error the cause of 65 percent of total security losses. See United Nations, Advisory Committee for the 
Coordination of Information Systems (ACCIS), Information Systems Security Guidelines for the United Nations Organizations (New York, 
NY: United Nations, 1992), p. 9. 

2 The United Nations report estimated that 19 percent of total security losses were from dishonest or disgruntled employees, 13 percent were 
from infrastructure loss or water damage, and 3 percent were from outsiders. Viruses were not listed. (Ibid.) 

3 "Crackers" are often called "hackers," but "hacker" also refers to a broader set of individuals who innovate legitimate solutions to 
computer challenges. 

4 Experts differ over the actual losses and relative importance of viruses compared with other threats. See testimony by Peter S. Tippett, 
Symantec Corp., and material submitted for the record by Cynthia Carlson, USA Research, in hearings before the House Subcommittee on 
Telecommunications and Finance, June 9, 1993. One study estimated that viruses account for roughly 2 percent of all losses. See James 
Lipshultz, "Scare Tactics Exaggerate Actual Threat from Computer Viruses," Federal Computer Week, Dec. 6, 1993, p. 15. 
sure, modification, or destruction of networked 
information through the use of safeguards. These 
safeguards include hardware, software, physical 
controls, user procedures, administrative proce- 
dures, and management and personnel controls. 
The degree of security, along with the safety and 
reliability of a system, is reflected in the level of 
confidence that the system will do what it is ex- 
pected to do — that is, its trustworthiness. 

This report loosely defines an information net- 
work as any set of interconnected electronic in- 
formation systems (computers, magnetic drives, 
telecommunications switches, etc.); therefore, a 
"network" is not restricted to the Internet, 5 corpo- 
rate networks, the telephone network, and so 
forth. In any case, today's networks are increas- 
ingly interconnected or overlapping, and distinc- 
tions are difficult to make. In this report, a network 
user may refer to a nonexpert individual, an expert 
system administrator, or an entire organization, 
depending on the context. 

Expressing Organizational Objectives 

To be successful, safeguards must be applied in a 
coordinated fashion to contain the risks from the 
above threats, while maintaining the functional 
objectives of the network. 6 To implement such 
safeguards, professionals can use a top-down and 



ongoing process that is based on the objectives 
and design of each particular network. Alterna- 
tively, many managers and users attempt to pro- 
tect information through more ad hoc applications 
of products and services that sometimes lack even 
an informal consideration of an overall process. 
While such an informal approach may be adequate 
for some small networks, it can put the informa- 
tion in other networks at great risk. 

The single most important step toward imple- 
menting proper safeguards for networked infor- 
mation in a federal agency or other organization is 
for its top management to define the organiza- 
tion's overall objectives, define an organizational 
security policy to reflect those objectives, and im- 
plement that policy. Only top management can 
consolidate the consensus and apply the resources 
necessary to effectively protect networked in- 
formation. For the federal government, this re- 
quires guidance from the Office of Management 
and Budget (OMB), commitment from top agency 
management, and oversight by Congress. Without 
understanding and support from top management, 
an organization's deployment of safeguards may 
be completely ineffective. 

Reflecting their organizational objectives, dif- 
ferent types of network providers and users em- 



5 The Internet is defined here as many thousands of interconnected smaller networks that use the Internet Protocol (IP) format to exchange 
data. In practice, the degree to which a network is part of the Internet varies, and formats other than IP are also sent over the Internet or used 
within subnetworks. The Internet is prominent because of its size and rate of expansion, and its decentralized management and financing. 

6 For information on the many aspects of information security discussed in this chapter, see William Caelli, Dennis Longley, and Michael 
Shain (eds.), Information Security Handbook (New York, NY: Stockton Press, 1991); Krish Bhaskar, Computer Security: Threats and Counter- 
measures (Oxford, England: NCC Blackwell, Ltd., 1993); Deborah Russell and G.T. Gangemi, Sr., Computer Security Basics (Sebastopol, CA: 
O'Reilly & Associates, Inc., 1991); Morrie Gasser, Building a Secure Computer System (New York, NY: Van Nostrand Reinhold Co., 1988); 
National Research Council, Computers at Risk: Safe Computing in the Information Age (Washington, DC: National Academy Press, 1991); 
U.S. Department of Commerce, National Institute of Standards and Technology, "Workshop in Security Procedures for the Interchange of Elec- 
tronic Documents: Selected Papers and Results," Roy G. Saltman (ed.), August 1993; and U.S. Congress, Office of Technology Assessment, 
Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, OTA-CIT-310 (Washington, DC: U.S. Government Printing 
Office, October 1987). See also U.S. Department of Commerce, National Institute of Standards and Technology, An Introduction to Computer 
Security: The NIST Handbook, in press. 
phasize different security aspects or services. 7 
Long-distance (interexchange) carriers, local tele- 
phone companies, cable companies, satellite pro- 
viders, wireless carriers, and other providers of the 
telecommunications links generally place the 
most emphasis on the availability of their serv- 
ices. Availability means that core services will be 
operational despite threats of fire, flood, software 
errors, undercapacity, virus attacks, and so forth. 

Building on the links are value-added provid- 
ers, some resellers, computer network services, 
and others who use the links to transport informa- 
tion, but also add features of their own. Commer- 
cial Internet providers primarily emphasize 
availability, while electronic data interchange 
(EDI) value-added services emphasize integrity 
and nonrepudiation. Integrity means that the in- 
formation is only altered from its original form 
and content for authorized reasons. 8 (Banks, for 
example, are particularly concerned about the in- 
tegrity of electronic funds transfers.) Non-repudi- 
ation refers to the ability to prove that a party sent 
a particular message (see discussion in chapter 3). 
Subscription services, such as Compuserve, 
America Online, Genie, Delphi, and Prodigy, also 
emphasize access control. Access control refers to 
mechanisms based on user-identification and 
user-authentication procedures that restrict each 
user to reading, writing, or executing only the in- 
formation or functions for which he or she is au- 
thorized. 

At the periphery — but no less important — are 
the users: individuals, government agencies, 
banks, schools, libraries, database services, cor- 
porations, citizen groups, managers of electronic 
bulletin boards, and others. Users are both provid- 
ers and consumers of information; they may have 
little control over the overall availability of the 
links, but they can control other aspects. Users can 
assure the confidentiality of classified, propri- 
etary, or private information through the use of 
cryptography (see box 4-1) and access controls. 
Confidentiality refers to the assurance that only 
properly authorized persons can view particular 
information. Online publishers and corporations 
may use cryptography and access controls to em- 
phasize the protection of copyrighted or propri- 
etary information — i.e., assuring that two parties 
have properly exchanged payments or permis- 
sions for services or products delivered electroni- 
cally. 

Confidentiality is distinguished here from pri- 
vacy, which is less commonly used in the comput- 
er security profession. Briefly, confidentiality 
refers to the treatment of data; confidentiality is 
achieved "when designated information is not dis- 
seminated beyond a community of authorized 
knowers." Privacy refers here to a social contract: 
"the balance struck by society between an individ- 
ual's right to keep information confidential and 
the societal benefit derived from sharing that in- 
formation." 9 (See chapter 3 for discussion of 
privacy.) 



7 Computer security is often said to have three primary aspects (defined in the text): confidentiality, integrity, and availability (the "CIA" of 
security). Historically there has been greater emphasis on confidentiality and integrity, and less on availability. The International Standards 
Organization (ISO) 7498-2 international standard also distinguishes nonrepudiation and access controls, but most references subsume these 
and all other attributes into the first three. Donn Parker has suggested including other aspects; see Donn B. Parker, SRI International, Menlo 
Park, CA, "Using Threats To Demonstrate the Elements of Information Security," January 1994 (obtained from the author). 

8 Another definition is that "Integrity is the knowledge that a given body of data, a system, an individual, a network, a message in transit 
through a network, or the like has the properties that were a priori expected of it." (Willis H. Ware, Rand Corporation, Santa Monica, CA, 
"Policy Considerations for Data Networks," December 1993.) 

9 Anita Allen, Uneasy Access: Privacy for Women in a Free Society (Totowa, NJ: Rowman & Littlefield, 1988), p. 24. See discussion in U.S. 
Congress, Office of Technology Assessment, Protecting Privacy in Computerized Medical Information, OTA-TCT-576 (Washington, DC: U.S. 
Government Printing Office, 1993), pp. 7-9. 
Writing an Organizational Security Policy 

The security policy of an agency or other organiza- 
tion is intended to implement the overall objec- 
tives, express the organization's view on risk, and 
assign responsibilities, among other things. 10 
Whether implicit or explicit, the policy is essential 
to define the requisite safeguards: "Without a se- 
curity policy, it could be argued that it isn't pos- 
sible to have a security violation. The business has 
nothing defined as confidential [for example] and 
no standards to meet." 11 In an organization, a suc- 
cessful security policy is made by the top manage- 
ment — a chief executive officer or agency head, 
for example. In cooperative networks, the policy 
may be made by representatives of its members, 
standards committees, regulatory bodies, or by 
law. 

Organizational security policies range from 
one page to several volumes in length, but should 
not be overly specific. As one observer noted, "se- 
curity policies are not unlike the Ten Command- 
ments or the Bill of Rights. They must not include 
the specifics of the implementations. They are far 
more effective if they are brief, generic, and force- 
ful." 12 

As any user, the federal government must ex- 
amine its own objectives, set its own security and 
privacy policies, and continually review its own 
information safeguards. 13 Just as different users 
and providers have conflicting interests, however, 
so do different federal agencies have conflicting 



missions and policies. The pressure to make gov- 
ernment more efficient, in particular, often com- 
plicates the need to protect copyrighted, private, 
and proprietary information. For example, im- 
proving federal services to citizens, including 
electronic delivery of those services, will require 
more sharing of information and resources among 
agencies and between federal agencies and state or 
local agencies. 14 

Agencies historically have delivered their ser- 
vices in a "stovepipe" fashion — managing ser- 
vices vertically within an agency but not 
horizontally across agency boundaries. This isola- 
tion between agencies provided a degree of priva- 
cy simply due to the difficulty of consolidating 
such information using existing methods. In- 
formation networks make horizontal exchanges of 
information between low-level agency employees 
much easier, but sharing such information also 
brings new risks since different agencies (and 
nonfederal government users) have different ob- 
jectives and policies about handling such informa- 
tion. Agencies and other organizations will have 
to work together to assure that sensitive informa- 
tion is handled uniformly according to privacy 
and computer matching laws (see chapter 3). 

There is a great need for agencies and other or- 
ganizations to develop sound security policies 
that match the reality of modern information net- 
works. These policies should be mandated from 
the highest level. They should support the specific 
organizational objectives and interests, including 



10 Security policy refers here to the statements made by organizations, corporations, and agencies to establish overall policy on information 
access and safeguards. Another meaning comes from the Defense community and refers to the rules relating clearances of users to classification 
of information. In another usage, security policies are used to refine and implement the broader, organizational security policy described here. 

11 Paul Dorey, "Security Management and Policy," in Information Security Handbook, William Caelli, Dennis Longley, and Michael Shain 
(eds.) (New York, NY: Stockton Press, 1991), p. 32. 

12 Robert H. Courtney, Jr., President, RCI, Inc., Lynn Haven, FL, personal communication, June 2, 1994. 

13 For discussion, see Dennis M. Gilbert, A Study of Federal Agency Needs for Information Technology Security, NISTIR 5424 (Gaithers- 
burg, MD: National Institute of Standards and Technology, May 1994). 

14 U.S. Congress, Office of Technology Assessment, Making Government Work: Electronic Delivery of Federal Services, OTA-TCT-578 
(Washington, DC: U.S. Government Printing Office, Sept. 1993); Vice President Al Gore, Creating a Government That Works Better and Costs 
Less: Report of the National Performance Review (Washington, DC: U.S. Government Printing Office, Sept. 7, 1993); U.S. General Services 
Administration, Information Resources Management Service, "Service to the Citizens: Project Report," KAP-93-I, February 1993. 
but not limited to policies regarding private in- 
formation. These policies must also anticipate a 
future where more information may be shared 
among agencies and organizations. 

Cost-Justifying Safeguards 

Ideally, the actual safeguards implemented to pro- 
tect networked information should represent the 
overall objectives of the organization, but in prac- 
tice they often do not. Network designers must 
continually balance utility (including speed, ca- 
pacity, flexibility, user-friendliness, and inter- 
operability), cost, and security. In any case, 
information can never be absolutely secured, and 
safeguarding information is therefore not an issue 
of how to secure information, but how much secu- 
rity an agency or business can justify. Many ap- 
proaches are effective and inexpensive, but others 
can be very costly, for both small and large orga- 
nizations. The organization's management, there- 
fore, must have a method to balance the cost of a 
safeguard with the potential loss that may occur if 
it doesn't use that safeguard. 

Security professionals can use risk analyses to 
estimate risks 15 and probable losses for informa- 
tion assets. These analyses can then be used to de- 
termine the appropriate safeguard expenditures. A 
crude qualitative risk analysis may simply identi- 
fy the obvious holes in a system but can, neverthe- 
less, be valuable. A rigorous quantitative analysis 
requires some experience with security systems 
and understanding of how to determine the value 
of information assets. 

Management benefits from risk analyses only 
insofar as an analysis provides timely, quantifi- 
able, and credible measurements. In practice, 
however, risk often can be difficult to quantify and 
the analysis expensive. Quantification requires 
statistics about the frequency and size of losses in 
similar organizations. Such statistics may be diffi- 



cult to obtain, and the frequencies of losses may 
be too low to be useful or may not be applicable 
to a particular organization. Incidents of loss are 
widely underreported or undetected. The disci- 
pline of risk analysis also is still relatively young 
and needs further development. 

Therefore, a risk analysis does not necessarily 
assure that a system is effectively safeguarded, 
only that the organization is following a systemat- 
ic approach. New developments in risk analysis 
have made the process easier, however, relying on 
past experience and on automated tools with ex- 
tensive threat, vulnerability, and safeguard 
knowledge bases, and user-friendly interfaces. 
Risk analysis performs best where the nature of 
losses are best understood or frequent — such as in 
cases of natural disasters or credit card fraud. Its 
shortcomings lie in cases where the losses are less 
understood. 

Alternatively, management can use a due care 
(also called reasonable care) approach to deter- 
mine how much security an organization can af- 
ford. A due care approach seeks an acceptable 
level of safeguards relative to other businesses 
and agencies, as opposed to an acceptable level 
relative to an absolute measure of risk. This ap- 
proach uses "baseline" controls and practices, as 
well as risk analyses for vulnerabilities not ad- 
dressed by the baseline. The baseline varies de- 
pending on the application or industry; for 
example, the baseline for the banking industry 
would be different from that of an information 
publisher. The baseline is also intended to be flex- 
ible and incorporate changes in technology. The 
due care approach is intended to build on the expe- 
rience of others in the field and, therefore, to lower 
the cost of managing networked information. 

The due care approach to safeguarding in- 
formation assets is not well established, however, 
and has relatively little precedent or experience to 



15 Risk is the likelihood that a particular threat will exploit a particular vulnerability to cause an undesirable event to occur: a measure of 
uncertainty. It is sometimes defined as the asset value multiplied by the exposure factor (fraction of the asset destroyed in an event) and the 
annualized rate of occurrence. Using this definition, risk can be expressed in units of dollars per year. (Will Ozier, Ozier, Peterse, and Associates, 
San Francisco, CA, personal communication, Dec. 14, 1993.) 
build on. The establishment of generally accepted 
principles (explained in a later section) is integral 
to providing standards for due care, but detailed 
principles will take some time to develop. Critics 
claim that following only the due care principles 
can provide inadequate safeguards and may there- 
fore fail as a liability defense. Even within one in- 
dustry such as banking, for example, safeguard 
needs vary greatly from one location to another, 
and appropriate safeguards change as technology 
changes. Taking a follow-the-leader approach 
may cause the organization to overlook reason- 
ably available safeguards, suffer a significant loss, 
and be found negligent, even though it was fol- 
lowing otherwise-accepted procedures. 

Both risk analysis and principles of due care 
need further development. Neither approach is 
necessarily always appropriate and, therefore, 
neither is always sufficient to provide a strong de- 
fense against liability in the case of a monetary 
loss related to loss, theft, or exposure of net- 
worked information. A combination of the two 
approaches will likely provide improved protec- 
tion. Proponents of risk analysis suggest that risk 
analysis done correctly provides better safe- 
guards, while proponents of due care suggest that 
performing only risk analyses is impractical. 

Formal Security Models 

Given a particular set of objectives and a stated or- 
ganizational policy, a formal model is sometimes 
developed to express or formalize a more specific 
policy in a way that can be tested in a system. The 
model should be written in precise, simple, and 
generic terminology and, therefore, is often writ- 
ten in mathematical notation, particularly for sys- 
tems requiring relatively strong safeguards. 16 A 
specification process is derived from the model 
and provides a step-by-step method to assure that 



the model is actually implemented. The formal 
process thus provides a series of steps that can be 
isolated and tested. 

An example of a well-known security model is 
the Bell-LaPadula model used for protecting the 
confidentiality of classified information, based on 
multilevel security classifications. 17 The Clark- 
Wilson model is a less formal model aimed at fi- 
nancial and other unclassified transactions. The 
Clark-Wilson model implements traditional ac- 
counting controls including segregation of duties, 
auditing, and well-formed transactions such as 
double-entry bookkeeping. 18 
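The rules of the two models named above as an executable check, an added example that is not from the OTA report: Bell-LaPadula's simple-security and *-properties for confidentiality, and the Biba integrity dual mentioned in footnote 17, evaluated over a constructed label lattice (the level names, compartments and sample requests are illustrative).

```python
"""Bell-LaPadula and Biba access checks over a simple label lattice.

Added example; not from the OTA report. The level names, compartment
sets and sample requests below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Linear ordering of hierarchical levels (constructed, DOD-style names).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: hierarchical level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level is higher or equal AND compartments are a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Bell-LaPadula (confidentiality).

    read  -> simple security property, 'no read up': subject must dominate object.
    write -> *-property, 'no write down': object must dominate subject.
    """
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode: {mode}")


def biba_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Biba strict integrity: the dual of Bell-LaPadula, same lattice reused
    as integrity levels for brevity.

    read  -> 'no read down': object's integrity must dominate the subject's,
             so a high-integrity process is not contaminated by low data.
    write -> 'no write up': subject's integrity must dominate the object's.
    """
    if mode == "read":
        return obj.dominates(subject)
    if mode == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown access mode: {mode}")


def audit(requests: List[Tuple[str, Label, Label, str]]) -> List[Tuple[str, bool, bool]]:
    """Run each (name, subject, object, mode) request through both models.

    Returns (name, blp_decision, biba_decision) so a reviewer can see where
    the confidentiality and integrity policies disagree.
    """
    return [(name, blp_allows(s, o, m), biba_allows(s, o, m))
            for name, s, o, m in requests]


# Constructed demonstration: an analyst cleared SECRET with compartment CRYPTO.
ANALYST = Label("SECRET", frozenset({"CRYPTO"}))
SAMPLE_REQUESTS = [
    ("read CONFIDENTIAL report", ANALYST, Label("CONFIDENTIAL"), "read"),
    ("read TOP SECRET plan", ANALYST, Label("TOP SECRET"), "read"),
    ("read SECRET/NUCLEAR file", ANALYST, Label("SECRET", frozenset({"NUCLEAR"})), "read"),
    ("write UNCLASSIFIED bulletin", ANALYST, Label("UNCLASSIFIED"), "write"),
    ("write TOP SECRET/CRYPTO log", ANALYST, Label("TOP SECRET", frozenset({"CRYPTO"})), "write"),
]

if __name__ == "__main__":
    for name, blp, biba in audit(SAMPLE_REQUESTS):
        blp_s = "allow" if blp else "deny"
        biba_s = "allow" if biba else "deny"
        print(f"{name:30} BLP={blp_s:5} Biba={biba_s}")
```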

Most of the existing work in formal security 
models is oriented toward confidentiality in clas- 
sified applications. This emphasis may be because 
only the Department of Defense (DOD) classifica- 
tion hierarchy and requirements for high assur- 
ance of security seem to be amenable to formal 
models. Comparable security models for unclas- 
sified information, with emphasis on integrity and 
availability, have not, and may never, emerge. 
Some claim that the private sector can simply pro- 
vide better safeguards without the need for formal 
models characteristic of the DOD approach. 

Within the government sector, research in secu- 
rity models may be appropriate for applications 
involving the exchange of sensitive or private in- 
formation among federal agencies, or between 
federal agencies and state or local governments. 
These models then could be applied to assure con- 
formance to security and privacy policies that 
have been coordinated among those agencies that 
share information. Especially needed are models 
that address heterogeneous network environ- 
ments and that are integrated with other systems 
approaches that account for network reliability 
and fault-tolerant computing. 
16 This mathematical notation is analogous to the role of Boolean algebra in expressing electronic circuits that perform logical functions. 

17 The Biba model is similar to the Bell-LaPadula model but protects the integrity of information instead of its confidentiality. The rigor of 
the Biba model, however, is not generally a good match for real-world integrity requirements and is rarely implemented. 

18 For a discussion of formal models, see Morrie Gasser, op. cit., footnote 6, ch. 9. See also Dennis Longley, "Formal Models of Secure 
Systems," in Information Security Handbook, op. cit., footnote 6. 
Before formal models can be successful for 
safeguarding the exchange and sharing of in- 
formation among agencies, the agencies must first 
review and coordinate their individual policies re- 
garding the protection of sensitive or private in- 
formation (see discussion of data sharing in 
chapter 3). These policies could then be imple- 
mented according to new or existing formal mod- 
els, as needed. The Office of Technology 
Assessment (OTA) found in its interviews, how- 
ever, that while exploration into new types of for- 
mal models may be warranted, there is 
considerable doubt about the utility of formal 
models for safeguarding networked information, 
particularly to protect information integrity and 
availability. 

Specific Safeguard Techniques and Tools 

The marketplace provides products and services 
that range from simple devices such as a metal key 
used to shut off a personal computer at night, to 
elaborate methods for encryption and digital sig- 
natures. The tools and techniques alone will not 
safeguard an organization's information; they re- 
quire expert personnel to apply and maintain 
them. They also must be combined in a coordi- 
nated fashion to meet the organization's objec- 
tives, whether they emphasize confidentiality, 
integrity, availability, or any other attributes of se- 
curity. A few classes of techniques and tools are 
listed here as examples of features that are current- 
ly available. 19 



Challenge-Response Systems 

Even small networks require users to identify 
themselves through a user name and a confidential 
password. These passwords are usually stored in 
an encrypted file in a central computer, and few 
people or perhaps no one has the key to the file that 
contains the passwords. An intruder might guess a 
password by trial and error, however, using typical 
passwords such as names, nicknames, names of 
spouses or children, and so forth (see box 2-1). An 
intruder might also monitor and copy passwords 
that are sent to the central computer as the user 
logs on, or that are written on scraps of paper left 
near the user's computer. 

This latter type of attack can be deterred by 
"challenge-response" systems that never actually 
send the password over the network. When the 
user enters his or her account name at a terminal, 
the central computer issues the user a random 
challenge. The user sees the challenge, and tran- 
scribes it and a password into the keypad of a 
handheld authenticator (the size of a credit card or 
small calculator). The authenticator calculates a 
unique response; the user enters that response into 
the terminal and sends it to the central computer. 
The central computer repeats the calculation and 
compares its result with the user's result. An in- 
truder cannot imitate the user without access to the 
identical authenticator and its associated pass- 
word. 

Secure tokens (see below) or a laptop computer 
can also substitute for the authenticator. Also, the 
user's token can generate a response based on a 
card-unique secret key and the local time (syn- 
chronized with the central computer), instead of 
the challenge sent by the central computer. 
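The exchange described above, both sides of it, as an added example that is not from the report: the token's response function, the central computer's one-use challenge bookkeeping, and the time-synchronized variant with a small clock-drift window. HMAC-SHA-256 stands in for whatever one-way function a real authenticator of the period used; the secret, account name and time values are constructed.

```python
"""Challenge-response and time-synchronized authenticators.

Added example, not from the OTA report. Token and central computer share
a secret that never crosses the network; only the challenge and the short
response do. HMAC-SHA-256 stands in for the token's one-way function.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def compute_response(secret: bytes, challenge: bytes, digits: int = 8) -> str:
    """Token side: keyed one-way function of the challenge, truncated to a
    fixed number of decimal digits the user can type on a keypad."""
    mac = hmac.new(secret, challenge, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


class CentralComputer:
    """Host side of the challenge-response protocol."""

    def __init__(self) -> None:
        self._secrets: Dict[str, bytes] = {}   # account -> shared secret
        self._pending: Dict[str, bytes] = {}   # account -> outstanding challenge

    def enroll(self, account: str, secret: bytes) -> None:
        self._secrets[account] = secret

    def issue_challenge(self, account: str) -> Optional[bytes]:
        """Step 1: user enters the account name; host returns a fresh random challenge."""
        if account not in self._secrets:
            return None
        challenge = secrets.token_bytes(16)
        self._pending[account] = challenge
        return challenge

    def verify(self, account: str, response: str) -> bool:
        """Step 2: host repeats the token's calculation and compares.

        The challenge is consumed on first use, so a response copied off
        the wire cannot be replayed against a later login.
        """
        challenge = self._pending.pop(account, None)
        if challenge is None:
            return False
        expected = compute_response(self._secrets[account], challenge)
        return hmac.compare_digest(expected, response)


# --- Time-synchronized variant: the token's clock replaces the challenge.

def time_response(secret: bytes, now: int, step: int = 60, digits: int = 8) -> str:
    """Token side: the 'challenge' is the current time-interval number."""
    counter = (now // step).to_bytes(8, "big")
    return compute_response(secret, counter, digits)


def verify_time_response(secret: bytes, response: str, now: int,
                         step: int = 60, skew: int = 1, digits: int = 8) -> bool:
    """Host side: accept the current interval and `skew` neighbours on either
    side to tolerate clock drift between token and central computer."""
    return any(
        hmac.compare_digest(time_response(secret, now + k * step, step, digits), response)
        for k in range(-skew, skew + 1)
    )


if __name__ == "__main__":
    # Constructed walk-through of one login and one replay attempt.
    host = CentralComputer()
    shared = b"constructed-token-secret"
    host.enroll("jdoe", shared)
    chal = host.issue_challenge("jdoe")
    resp = compute_response(shared, chal)   # user keys the challenge into the token
    print("login accepted:", host.verify("jdoe", resp))
    print("replay accepted:", host.verify("jdoe", resp))
```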



19 For an overview of information security and related products and techniques, see Deborah Russell and G.T. Gangemi, Sr., op. cit., foot- 
note 6. For techniques relating to only UNIX, see Simson Garfinkel and Gene Spafford, Practical UNIX Security (Sebastopol, CA: O'Reilly & 
Associates, Inc., August 1993). For an introduction to network security, see Mario Devargas, Network Security (Manchester, England: NCC 
Blackwell Ltd., 1993). See also Teresa F. Lunt (ed.), Research Directions in Database Security (New York, NY: Springer-Verlag, 1992); and 
D.W. Davies and W.L. Price, Security for Computer Networks: An Introduction to Data Security in Teleprocessing and Electronic Funds Trans- 
fer, 2nd Ed. (New York, NY: John Wiley & Sons, 1992). 
Perhaps the most widespread and serious vulnerability in information networks is the use of weak 
password systems. Systems administrators can no longer safely send unencrypted passwords over the 
Internet and other networks. Instead, experts recommend that network managers use challenge-re- 
sponse systems, electronic tokens, and sophisticated, one-time password techniques to protect their 
networks. Users will continue to employ traditional passwords, however, to protect "local" workstations 
and files. Unfortunately, passwords assigned by administrators to protect these local assets are often 
"strong" but easily forgotten, while passwords chosen by users are more easily remembered but often 
"weak " 

For example, an eight-character password has 2^56 (over 72,000,000,000,000,000) possible com- 
binations (counting both uppercase and lowercase characters and symbols, and eight bits per ASCII 
character, less one bit for parity). An intruder who has copied an encrypted file might need hundreds of 
years to try all these possible combinations in sequence in order to decrypt the file. Users who choose 
words, proper names, or acronyms for passwords reduce considerably the number of possible com- 
binations that an intruder needs to try: there are less than 500,000 English words and names with eight 
or fewer letters, spelled backwards or forwards. Of these words, some are more frequently chosen for 
users' passwords than others. An intruder who guesses a few dozen or a few hundred of the most com- 
mon names, acronyms, and default passwords is often successful. 

Educating users to choose strong passwords to protect local workstations is perhaps the most diffi- 
cult task for a network manager. Programs exist that screen out weak passwords, but such programs do 
not substitute for the following simple guidance to users: 

■ Treat your password like your toothbrush: use it every day, change it often, and never share it. 1 

■ Never write your password on anything near your computer. If you do write it down, do not identify it as 
a password, and hide it well. Never place an unencrypted password in the text of an electronic message 
or store it unencrypted in a file on the network. 

■ Never use the default password (the password assigned from the factory). 

■ Avoid proper names, nicknames, or full words for passwords — even spelled backwards. Do not repeat 
a password that you have used before. 

■ Do use long, unpronounceable acronyms, such as the first letters of an unfamiliar song or phrase, or an 
obscure word with vowels omitted. For example, an eight-letter password could be TNPLHTOT, derived 
from "There's no place like home, Toto," although a more personal phrase is better. 

■ Do use passwords with numbers or special characters inserted. Using the last example, an eight-letter 
password could be TNPL9H&T. 

■ Do use nonsensical but pronounceable words; for example, SKRODRA8. (NIST has specified an algo- 
rithm that uses a random number to generate pronounceable passwords. 2 ) 

■ Do consider using an electronic token, a challenge-response system, a biometric device, or other tech- 
nique that better identifies the user. Consider using a "three strikes and you're out" system for commu- 
nications links, such as is used in automated teller machines. Remove unused accounts whenever pos- 
sible. 
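A screening program of the kind the text mentions, applying the guidance above, as an added example that is not from the OTA report. The word list, the factory-default list, the 36-bit threshold and the use of SHA-256 fingerprints for previous passwords are assumptions of this example.

```python
import hashlib
import math

# Added example (not from the OTA report). These lists are tiny constructed
# stand-ins for the dictionaries and default-password lists a real screener uses.
DICTIONARY = {"password", "welcome", "sunshine", "dorothy", "toto", "kansas"}
DEFAULT_PASSWORDS = {"default", "admin", "changeme", "manager"}
MIN_LENGTH = 8
MIN_BITS = 36          # assumption: below this, too few combinations to try


def search_space_bits(password: str) -> float:
    """log2 of the combinations an intruder trying every password of this
    shape would face. Eight characters from the full printable ASCII set
    approach the 2^56 figure in the text; a single-case word falls far short."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(not c.isalnum() for c in password):
        alphabet += 33       # printable ASCII symbols, including space
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def password_fingerprint(password: str) -> str:
    """Hash kept on file so earlier passwords can be rejected without storing
    them unencrypted (the guidance above forbids that)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _letter_forms(password: str) -> set:
    """The alphabetic core of the password, forwards and backwards, so that
    'Dorothy1' and '1yhtoroD' both match the word 'dorothy'."""
    letters = "".join(c for c in password.lower() if c.isalpha())
    return {letters, letters[::-1]}


def screen_password(password: str, previous_fingerprints=()) -> list:
    """Return the reasons a candidate password is weak; an empty list means
    the candidate passed every check in the guidance list."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if password.lower() in DEFAULT_PASSWORDS:
        reasons.append("factory default password")
    if _letter_forms(password) & DICTIONARY:
        reasons.append("dictionary word or name, forwards or backwards")
    if password_fingerprint(password) in previous_fingerprints:
        reasons.append("repeat of a previous password")
    bits = search_space_bits(password)
    if bits < MIN_BITS:
        reasons.append("too few possible combinations (%.0f bits)" % bits)
    return reasons
```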



1 Attributed to Clifford Stoll, author of The Cuckoo's Egg: Tracing a Spy Through the Maze of Computer Espionage (New York, NY: 
Doubleday, 1989). 

2 U.S. Department of Commerce, National Institute of Standards and Technology, "Automated Password Generator," FIPS PUB 
181 (Springfield, VA: National Technical Information Service, October 1993). 

SOURCE: Office of Technology Assessment, 1994. 
[Photo caption] From bottom to top: PCMCIA card, PCMCIA card with fax 
modem, PCMCIA card with hard disk. 



Secure Tokens 

Smart cards, 20 PCMCIA cards, 21 SmartDisks, 22 
and other secure tokens are devices used to au- 
thenticate a user to a computer. In an access con- 
trol system, the user must insert the token into a 
reader connected to a computer, which may be 
connected to a network. The token then obtains 
access on behalf of the user (to a remote computer, 
for example) by providing the necessary autho- 
rizations and confirming the user's identity. 



The token can read and verify digital signatures 
from the computer so that the card will not be 
fooled into giving away sensitive information to 
a computer acting as an impostor. The token also 
can send its own encrypted digital signature so 
that the computer knows that the token is not an 
imitation. No intruder can obtain access to the 
computer without the token and knowledge of se- 
cret information needed to activate the token (for 
example, a password). 

The PCMCIA card is slightly larger than a 
credit card but with a connector on one end, and 
plugs directly into a standard slot in the computer. 
The card has a microprocessor chip embedded in- 
side that performs the sophisticated authentica- 
tion features. Other types of PCMCIA cards can 
be used to provide extra and portable memory ca- 
pacity and to provide communications capability. 
As new computer models include slots for 
PCMCIA cards, their use as secure tokens appears 
promising. 

Other technologies perform similar functions 
in different forms. Smart cards are plastic cards 
the size of bank cards that have a microprocessor 
chip embedded in the plastic, sometimes with a 
magnetic stripe also on the back. The SmartDisk 
is a token in the shape of a 3.5-inch diameter mag- 
netic disk with a connectionless interface that 
communicates with the disk drive head. 

Firewalls 

Individual workstations usually vary greatly with- 
in an organization's network. Because of this vari- 
ation and difficulties managing each workstation, 
it is difficult to safeguard individual workstations 
from intrusions from outside the network. A fire- 
wall provides a focus for managing network safe- 
guards by restricting communication into and out 



20 U.S. Department of Commerce, National Institute of Standards and Technology, Smart Card Technology: New Methods for Computer 
Access Control, NIST Spec. Pub. 500-147 (Gaithersburg, MD: NIST, September 1988). See also Jerome Svigals, "Smart Cards — A Security 
Assessment," Computers & Security, vol. 13 (1994), pp. 107-114. 

21 PCMCIA stands for Personal Computer Memory Card Industry Association. The National Security Agency's TESSERA Card uses a 
PCMCIA interface, with a Capstone chip inside the card. Capstone and the Escrowed Encryption Standard are discussed in box 2-6 and in chap- 
ter 4. 

22 "SmartDisk" is a trademark of SmartDiskette, Ltd. 
of the network. The firewall itself is a dedicated 
computer that examines and restricts mainly in- 
coming, but sometimes outgoing, communica- 
tions. 23 

The form of the firewall restriction may be sim- 
ple; for example, electronic mail may be allowed 
while other services are not. Or the restriction may 
be more elaborate, perhaps requiring individual 
user authentication as a prerequisite for commu- 
nication through the firewall. Firewalls are partic- 
ularly important for networks connected to the 
Internet, to assure that computers on a smaller net- 
work are less vulnerable to intruders from the 
much larger Internet. 24 

Virus Checkers 

Virus checkers are software programs that auto- 
matically search a computer's files for known vi- 
ruses (for an explanation of viruses and other 
malicious software, see box 2-2). The checker 
scans files every time the computer is turned on or 
when new memory disks are inserted into the 
computer. The virus checker looks for patterns of 
code that resemble the code used in known vi- 
ruses, and alerts the user when it finds a resem- 
blance. 25 Since new viruses are discovered every 
month, virus checkers must be updated often, al- 
though many viruses cause no damage or are not 
relevant to most users. 

Auditing and Intrusion Detection 

Auditing is the act of automatically monitoring 
certain transactions that occur in a network over a 



period of time. Such transactions include transfers 
of files, and the local time when a user accesses the 
network. Auditing features on a network can 
quickly generate volumes of information about 
network use, however, that can overwhelm busy 
security personnel. Auditing, therefore, is often a 
passive activity where records are only kept for 
later examination. It is also a passive deterrent to 
authorized users who might fear getting caught 
should an investigation arise. 

Integrated, dynamic auditing systems not only 
record information, but also act to restrict use or 
to alert security personnel when possible safe- 
guard violations occur — not just violations from 
intruders but also from insiders. One feature 
might alert security personnel if users are acces- 
sing certain files after hours or if a user (or pos- 
sible intruder) repeatedly but unsuccessfully 
attempts to access a certain computer. The securi- 
ty officer might then closely monitor the user's ac- 
tions to determine what further actions should be 
taken (simply denying access might alert an in- 
truder to use a more reliable or more covert meth- 
od, confounding the security staff). Some 
sophisticated systems use expert systems that 
"learn" users' behavior. 26 
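The two alerting features the text names (after-hours access to certain files, and repeated unsuccessful attempts on one computer), run over a constructed audit log, as an added example that is not from the OTA report. The record format, business hours, thresholds and the "/finance/" prefix are assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime, time

# Added example (not from the OTA report). Constructed audit records:
# date time user action target result
AUDIT_LOG = """\
1994-03-21 09:02:11 carol LOGIN host=payroll ok
1994-03-21 23:41:05 carol READ file=/finance/ledger.db ok
1994-03-22 02:15:40 ted LOGIN host=payroll fail
1994-03-22 02:15:52 ted LOGIN host=payroll fail
1994-03-22 02:16:03 ted LOGIN host=payroll fail
1994-03-22 02:16:20 ted LOGIN host=payroll fail
1994-03-22 10:30:00 ted READ file=/finance/ledger.db ok
"""

BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumption
FAIL_THRESHOLD = 3                           # assumption
FAIL_WINDOW_SECONDS = 300                    # assumption
SENSITIVE_PREFIX = "/finance/"               # assumption: "certain files"


def parse_record(line: str) -> dict:
    """Turn one constructed audit line into a record dictionary."""
    date, clock, user, action, target, result = line.split()
    kind, _, name = target.partition("=")    # "host=payroll" or "file=/..."
    return {"when": datetime.fromisoformat(f"{date} {clock}"), "user": user,
            "action": action, kind: name, "ok": result == "ok"}


def detect(log_text: str) -> list:
    """Return alerts as (rule, user, detail) tuples. As the text notes, the
    events are flagged for a security officer to examine, not blocked."""
    alerts = []
    failures = defaultdict(list)   # (user, host) -> times of recent failures
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)

        # Rule 1: successful access to sensitive files outside business hours.
        if "file" in rec and rec["file"].startswith(SENSITIVE_PREFIX) and rec["ok"]:
            t = rec["when"].time()
            if not (BUSINESS_HOURS[0] <= t < BUSINESS_HOURS[1]):
                alerts.append(("after-hours-file-access", rec["user"], rec["file"]))

        # Rule 2: repeated unsuccessful attempts on one computer within a window.
        if "host" in rec and not rec["ok"]:
            key = (rec["user"], rec["host"])
            times = failures[key] + [rec["when"]]
            recent = [x for x in times
                      if (rec["when"] - x).total_seconds() <= FAIL_WINDOW_SECONDS]
            failures[key] = recent
            if len(recent) == FAIL_THRESHOLD:   # fire once, when the threshold is crossed
                alerts.append(("repeated-failed-access", rec["user"], rec["host"]))
    return alerts
```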

Encryption, Electronic Mail, 
and Digital Signatures 

Encryption is used for a variety of applications, 
including the protection of confidentiality and in- 
tegrity, authentication, and nonrepudiation. Dif- 
ferent methods are used to assure these properties, 



23 An information firewall is in this way like an airlock that eliminates a direct connection between two environments. The label firewall is 
misleading since firewalls used in buildings are intended to stop all fires; network firewalls monitor (mostly incoming) traffic while generally 
allowing most of it through. 

24 Steven M. Bellovin and William R. Cheswick, Firewalls and Internet Security: Repelling the Wily Hacker (Reading, MA: Addison- 
Wesley, 1994). See also Frederick M. Avolio, "Building Internetwork Firewalls," Business Communications Review, January 1994, pp. 15-19. 

25 Some viruses mutate every time they replicate, however, making programs that scan for a specific virus code less effective. 

26 See Dorothy E. Denning, "An Intrusion-Detection Model," IEEE Transactions on Software Engineering, SE-13, February 1987, pp. 
222-232; Susan Kerr, "Using AI [Artificial Intelligence] To Improve Security," Datamation, Feb. 1, 1990, pp. 57-60; and Teresa F. Lunt et al., 
"A Real-Time Intrusion-Detection Expert System," final technical report, SRI International, Feb. 28, 1992. 
BOX 2-2: Viruses, Worms, and How To Avoid Them 



The term virus is popularly used for any malicious software or so-called rogue program that can en- 
ter a computer and cause damage. 1 A true virus is a fragment of a program that replicates itself and 
modifies ("infects") other programs. A worm, on the other hand, is an independent program that moves 
through a system and alters its operation, but does not infect other programs. Viruses and worms can 
use techniques such as "logic bombs" and "Trojan horses" to disguise their function. A logic bomb, for 
example, is triggered to perform an action when a certain event or condition occurs, such as on Friday 
the 13th. A Trojan horse tricks a user into using a desirable function so that it can perform some other 
function, such as recording passwords. 

What do viruses do that users should worry about? The possibilities for damage are only limited by 
the imagination of those who create the viruses. Types of virus damage include: changing the data in 
files, changing file attributes so that others can access confidential files, filling up computer memory 
with meaningless data, changing internal addressing so that the user cannot access files, displaying 
obscene messages on the screen or in printouts, slowing down the computer, and changing the initial- 
ization program for the computer so that it cannot operate. Managers must often rely on users to follow 
good practices, such as the following, to keep networks clean: 

■ Do check all incoming software and computer diskettes with an up-to-date virus checker program (even 
including off-the-shelf software from reputable sources). 

■ Do back up all files frequently so that in case of a virus attack, the original uninfected files are still accessi- 
ble. Do check all files with the virus checker program before reinstalling them. 

■ Do consider protecting software from Trojan horses by only allowing read-only access by all users except 
the system administrator. 

■ Do be wary of publicly available and free software, software borrowed from others, or software without 
the original packaging. Do not use pirated software. 



1 See Philip E. Fites, Peter Johnson, and Martin Kratz, The Computer Virus Crisis (New York, NY: Van Nostrand Reinhold, 1992). See 
also Lance J. Hoffman (ed.), Rogue Programs: Viruses, Worms, and Trojan Horses (New York, NY: Van Nostrand Reinhold, 1990); Peter 
J. Denning (ed.), Computers Under Attack: Intruders, Worms, and Viruses (New York, NY: Addison-Wesley, 1990); and John B. Bowles 
and Colón E. Peláez, "Bad Code," and other articles in IEEE Spectrum, August 1992, pp. 36-40; and Jeffrey O. Kephart et al., "Com- 
puters and Epidemiology," IEEE Spectrum, May 1993, pp. 20-26. 

SOURCE: Office of Technology Assessment, 1994, and sources referenced below. 

and each method has its strengths and weaknesses. 
These different methods can be integrated to pro- 
vide multiple safeguards (see box 2-3). 27 

One widely used network application is elec- 
tronic mail (email). Large and small networks can 
transfer electronic mail messages from worksta- 
tion to workstation, holding the message for the 
addressee until he or she accesses it on a computer. 

Historically, electronic mail has not used encryp- 
tion to protect the confidentiality of the message 
contents. PEM — or Privacy-Enhanced Mail — is a 
specific set of proposed standards that specifies 
how to encrypt the contents of electronic mail 
messages for the Internet. 28 Unauthorized users 
cannot read a PEM encrypted message even if 



27 For a short description of better known algorithms, see Bruce Schneier, "A Taxonomy of Encryption Algorithms," Computer Security 
Journal, vol. IX, No. 1, p. 39. 

28 Stephen T. Kent, "Internet Privacy Enhanced Mail," Communications of the ACM, vol. 36, No. 8, August 1993, pp. 48-59. 
FIGURE 2-1: Secret-Key (Symmetric) Encryption 

[Figure: Carol encrypts her messages to Ted with their shared secret key; Ted decrypts messages from Carol with the same secret key. Ted sends messages back to Carol using their secret key; Carol decrypts Ted's messages with the same secret key.] 

NOTE: Security depends on the secrecy of the shared key. 

they were to obtain access to it. PEM can also 
digitally "sign" the message to authenticate the 
sender. Although PEM can protect the confiden- 
tiality of the message, it cannot protect the confi- 
dentiality of the address, since that information 
must be understood by network providers in order 
to send the message. Privacy-enhanced mail re- 
quires that both the sender and the receiver of the 
electronic mail message have interoperable soft- 
ware programs that can encrypt and decrypt the 
message, and sign and verify the digital signature. 
Therefore, widespread adoption is still far off. 



Biometric Devices 

Access-control systems can use three methods to 
identify a particular user: something the user 
knows (e.g., a password), something the user has 
in his or her possession (e.g., a secure token), or 
something that physically characterizes the user. 
This last method is known as biometrics. Charac- 
teristics that might be analyzed by biometric de- 
vices include retinal scans of the eye, fingerprints, 
handprints, voice "prints," signature dynamics, 
and the typing of keystroke patterns. 29 

Biometric devices can be effective in many 
cases, but are expected to be less effective for pro- 
tecting networked information due to their gener- 
ally higher cost. Biometric signatures also can be 
intercepted and imitated, just as unchanging pass- 
words can, unless encryption or an unpredictable 
challenge is used (see the discussions above). 

Separation of Duties 

Safeguards need not be based in only hardware or 
software. They can also include administrative 
and other procedures like those used in accounting 
practices. As only one example, the authority and 
capacity to perform certain functions to net- 
worked information should be separated and dele- 
gated to different individuals. This principle is 
often applied to split the authority to write and ap- 
prove monetary transactions between two people. 
It can also be applied to separate the authority to 
add users to a system and other system administra- 
tor duties from the authority to assign passwords, 
review audits, and perform other security admin- 
istrator duties. The separation of duties principle 
is related to the "least privilege" principle, that is, 
that users and processes in a system should have 
least number of privileges and for the minimal pe- 
riod of time necessary to perform their assigned 
tasks. 

Wiretap laws apply the separation of duties 
principle by requiring the law-enforcement 
agency that conducts a wiretap (in the executive 
branch), to obtain permission from a court (in the 



29 Benjamin Miller, "Vital Signs of Identity," IEEE Spectrum, vol. 31, No. 2, February 1994, p. 22. 
FIGURE 2-2: Public-Key (Asymmetric) Encryption 

BOX 2-3: How Cryptography Is Used To Protect Information 



Different cryptographic methods are used to authenticate users, protect confidentiality, and assure 
integrity of messages. More than one method usually must be used to secure an overall operation, as 
described here (see also boxes 4-1 and 4-4). Cryptographic algorithms are either symmetric or asym- 
metric, depending on whether or not the same cryptographic key is used for encryption and decryp- 
tion. The key is a sequence of symbols that determines the transformation from unencrypted plaintext to 
encrypted ciphertext, and vice versa. 

Symmetric cryptosystems — also called secret-key or single-key systems — use the same key to en- 
crypt and decrypt messages (see figure 2-1). The federal Data Encryption Standard (DES) uses a se- 
cret-key algorithm. Both the sending and receiving parties must know the secret key that they will use to 
communicate. Secret-key algorithms can encrypt and decrypt relatively quickly, but systems that use 
only secret keys can be difficult to manage because they require a courier, registered mail, or other 
secure means for distributing keys. 

Asymmetric cryptosystems — also called public-key systems — use one key to encrypt and a second, 
different but mathematically related, key to decrypt messages. The Rivest-Shamir-Adleman (RSA) algo- 
rithm is a public-key algorithm. Commonly used public-key systems encrypt relatively slowly, but are 
useful for digital signatures and for exchanging the session keys that are used for encryption with a 
faster, symmetric cryptosystem. 1 The initiator needs only to protect the confidentiality and integrity of 
his or her private key. The other (public) key can be distributed more freely, but its authenticity must be 
assured (e.g., guaranteed by binding the identity of the owner to that key) . 

For example, if an associate sends Carol a message encrypted with Carol's public key, in principle 
only Carol can decrypt it, because she is the only one with the correct private key (see figure 2-2). This 
provides confidentiality and can be used to distribute secret keys, which can then be used to encrypt 
messages using a faster, symmetric cryptosystem (see box 2-5). 

For authentication, if a hypothetical user (Carol) uses her private key to sign messages, her 
associates can verify her signature using her public key. This method authenticates the sender, and can 
be used with hashing functions (see below) for a digital signature that can also check the integrity of 
the message. 

Most systems use a combination of the above to provide both confidentiality and authentication. 

One-way hash functions are used to ensure the integrity of the message — that is, that it has not been 
altered. For example, Carol processes her message with a "hashing algorithm" that produces a shorter 
message digest — the equivalent of a very long checksum. Because the hashing method is a "one-way" 
function, the message digest cannot be reversed to obtain the message. Bob also processes the re- 
ceived text with the hashing algorithm and compares the resulting message digest with the one Carol 
signed and sent along with the message. If the message was altered in any way during transit, the 
digests will be different, revealing the alteration (see figure 2-3). 



1 For example, in hardware, the DES is between 1,000 and 10,000 times as fast as the RSA public key algorithm, depending on the 
implementation. In software, the DES is generally at least 100 times as fast as the RSA. RSA Laboratories, "Answers to Frequently 
Asked Questions About Today's Cryptography," 1993, p. 9. 

SOURCE: Office of Technology Assessment, 1994. 



judicial branch). The Clinton Administration's 
key-escrowed encryption initiative applies the 
separation of duties principle in storing escrowed 
key components with two escrow agents. (The 
original escrow agents are both in the executive 
branch — see discussion in chapter 4). 






FIGURE 2-3: Example of a Hashing and Digital Signature Scheme 

NOTE: Different methods for generating and verifying signatures (as in the federal Digital Signature Standard) are possible. Measures to protect 
the signature and text may also be used. 



In summary, many individual safeguard prod- 
ucts and techniques are currently available to ade- 
quately address specific vulnerabilities of 
information networks — provided the user knows 
what to purchase and can afford and correctly use 
the product or technique. Easier-to-use, more af- 
fordable safeguards are needed. In particular, 
there is a need for general-purpose products that 
integrate multiple security features with other 
functions, for example, electronic commerce or 
electronic mail. 



INSTITUTIONS THAT FACILITATE 
SAFEGUARDS FOR NETWORKED 
INFORMATION 

The discussion above describes processes and 
tools that a network manager might use to safe- 
guard a particular network using formal or infor- 
mal methods. It does not explain how networks 
are collectively safeguarded through the estab- 
lished marketplace and institutions. Safeguarding 
networks collectively amounts essentially to safe- 
guarding the so-called information infrastructure. 

An information infrastructure — for the pur- 
poses of this discussion — is the collective set of 
computer hardware and software, data storage and 
generating equipment, abstract information and 
its applications, trained personnel, and intercon- 
nections between all of these components. 30 31 An 
international information infrastructure already 
exists; a user in one country can move data that is 
stored in another country to be used in a computer 
program in a third country. 32 The infrastructure 
includes the public-switched telephone network, 
satellite and wireless networks, private networks, 
and the Internet and other computer and data net- 
works. The infrastructure is continually and rapid- 
ly evolving as technology advances and as users 
find new applications. 

Individuals, corporations, governments, 
schools and universities, and others own compo- 
nents of the infrastructure, but no one owns or 
controls it as a whole. Moreover, the numerous 
stakeholders have diverse and often conflicting 
goals. The transportation infrastructure is similar: 
better freeways favor the interests of suburban liv- 



ing and private transportation, for example, but 
conflict with the interests of inner cities and public 
transportation. 

In particular, very large cooperative networks 
are too large and diverse to have one explicit 
policy regarding safeguards; each stakeholder has 
particular objectives that determine its own ex- 
plicit or implicit policy. This is true for the Inter- 
net, for example; according to Vinton Cerf, 
President of the Internet Society: 

Among the lessons learned in the two de- 
cades of research and development on the Inter- 
net is the realization that security is not a 
uniform requirement in all parts of the sys- 
tem. . . . These needs vary by application and 
one conclusion is that no single security proce- 
dure, policy, or technology can be uniformly ap- 
plied throughout the Internet environment to 
meet all its needs. 33 34 

The information infrastructure and its 
associated safeguards also cannot be built "from 
the ground up." Instead, the infrastructure must be 
steered by its stakeholders — including users and 
the federal government — by strengthening its 
institutions and assuring that there are adequate 



30 There is no single accepted definition of an information infrastructure. See also U.S. Congress, Office of Technology Assessment, Criti- 
cal Connections: Communication for the Future, OTA-CIT-407 (Washington, DC: U.S. Government Printing Office, January 1990); and Insti- 
tute for Information Studies, A National Information Network: Changing Our Lives in the 21st Century (Queenstown, MD: The Aspen Institute, 
1992). 

31 The general infrastructure discussed in this chapter is distinguished from the Clinton Administration's "National Information Infrastruc- 
ture" (NII) initiative, which seeks to "promote and support full development of each component [of the infrastructure]." See Information Infra- 
structure Task Force, The National Information Infrastructure: Agenda for Action (Washington, DC: National Telecommunications and In- 
formation Administration, Sept. 15, 1993). 

32 The European Union faces similar issues and has, therefore, called for the "development of strategies to enable the free movement of 
information within the single market while ensuring the security of the use of information systems throughout the Community." See Commis- 
sion of the European Communities, Directorate General XIII: Telecommunications, Information Market and Exploitation of Research, "Green 
Book on the Security of Information Systems: Draft 4.0," Oct. 18, 1993. 

33 Vinton G. Cerf, President, Internet Society, testimony, Hearing on Internet Security, Subcommittee on Science, Committee on Science, 
Space, and Technology, U.S. House of Representatives, Mar. 22, 1994. 

34 The National Institute of Standards and Technology (NIST) proposed a security policy for the National Research and Education Network 
(NREN), however, where the NREN program was viewed as a steppingstone to development of the broader information infrastructure. The 
proposed policy was approved by the Federal Networking Council. See Dennis K. Branstad, "NREN Security Issues: Policies and Technolo- 
gies," Computer Security Journal, vol. IX, No. 1, pp. 61-71. See also Arthur E. Oldehoeft, Iowa State University, "Foundations of a Security 
Policy for Use of the National Research and Educational Network," report prepared for the National Institute of Standards and Technology 
(Springfield, VA: National Technical Information Service, February 1992). 

The NREN is part of the High Performance Computing and Communications Program. See U.S. Congress, Office of Technology Assess- 
ment, Advanced Network Technology, OTA-BP-TCT-101 (Washington, DC: U.S. Government Printing Office, June 1993). 
products and services available to users. By 
strengthening the roles of each of these interde- 
pendent institutions, the overall marketplace 
gains by more than the sum of the parts. 

Finally, the overall information infrastructure 
is not a well-defined or closed system and cannot 
be strengthened through technical solutions 
alone. Rather, the infrastructure is changing and 
growing, and its vulnerabilities are not well un- 
derstood. The federal government must work to- 
gether with the many stakeholders to assure robust 
solutions that will automatically accommodate 
changes in technology and that can provide feed- 
back for steadily strengthening safeguards over- 
all. 

The information infrastructure is already in- 
ternational. Networks like the Internet seamlessly 
cross national borders. Networked information is 
also borderless and affects many different stake- 
holders worldwide. Achieving consensus regard- 
ing safeguards among these diverse, international 
stakeholders is more difficult than achieving tech- 
nical breakthroughs. Nevertheless, the federal 
government has the capacity for resolving many 
of the issues that inhibit or facilitate the use of 
quality safeguards by diverse communities. These 
issues are interrelated, however, so solving them 
piecemeal may not provide an overall solution. 

OTA found the following inhibitors and facili- 
tators of safeguards for networked information: 
management issues (including assigning respon- 
sibility, managing risk, and making cost deci- 
sions): availability of insurance; vendor and 
developer issues (including liability and export re- 
strictions); product standards, evaluations, and 
system certifications and accreditations; profes- 
sionalism and generally-accepted principles; es- 
tablishment of public key infrastructure(s); 
emergency response teams; user education and 
ethical studies; sanctions and enforcement against 
violators; regulatory bodies; and research and de- 
velopment. These are discussed below. 



Management 

Information has become as much of an asset to a 
business or government agency as buildings, 
equipment, and people. The information in a cor- 
porate database is as crucial to one business, for 
example, as manufacturing equipment is crucial 
to another. Once the value of information is recog- 
nized, it follows that an organization's manage- 
ment should protect it in the same manner as other 
corporate or government assets; for example, us- 
ing risk analyses, contingency plans, and insur- 
ance to cover possible losses. 

Managers and accountants often do not recog- 
nize electronic information as an asset, however, 
because of its less tangible nature, its relatively re- 
cent prominence, and the lack of documentation 
of monetary losses arising from loss or theft of in- 
formation. Paper-based information and money 
can be protected in a safe inside a secured build- 
ing. Destruction of the building in a fire is a very 
tangible and easily documented event. In contrast, 
loss or duplication of electronic information may 
not even be noticed, much less reported publicly. 

The losses that are reported or that reach the 
public consciousness also do not necessarily rep- 
resent the overall losses. Until now, most losses in 
corporate networks arise from human errors and 
authorized users. Media attention, however, most 
often highlights virus attacks or teenage and adult 
"crackers" — important, but often unrepresenta- 
tive, sources of lost information, time, and money. 
Management may perceive that the corporate or 
agency network is safe from these sensational 
threats, while ignoring other important threats. 
Management may also be reluctant to make 
changes to the network that can cause disruptions 
in productivity. 
BOX 2-4: How Accounting Protects Financial Assets 



Accounting practices and institutions exist to protect traditional assets as information safeguards 
and institutions protect information assets. Modern accounting practices grew out of the catastrophic 
stock market crash of 1929 and subsequent efforts to avoid government intervention by the Securities 
and Exchange Commission. In the late 1930s, the American Institute of Certified Public Accountants 
moved to set accounting standards. Changes in the financial markets in the 1960s led to the establish- 
ment of the Generally Accepted Accounting Principles and other standards. 

Several parallels exist with the safeguarding of information assets, and also many differences. The 
parallels are summarized below. 



Comparison of Information Assets With Traditional Assets

                              Information assets                            Traditional assets
Typical threats               Human error, insiders, natural disasters      Human error, insiders, natural disasters
Management responsibility     Chief Information Officer and                 Chief Financial Officer and
                              Chief Executive Officer                       Chief Executive Officer
Education                     Computer science departments                  Business schools
Principles                    Generally Accepted System Security            Generally Accepted Accounting
                              Principles                                    Principles
Certification                 International Information Systems Security    Certified Public Accountants
                              Certification Consortium and Institute for
                              Certification of Computer Professionals
                              certifications (in development)

SOURCE: Office of Technology Assessment, 1994, and National Research Council, Computers at Risk: Safe Computing in the Information Age (Washington, DC: National Academy Press, 1991), p. 280.



Experts note that information is never ade- 
quately safeguarded unless the responsibility for 
information assets is placed directly on top man- 
agement, which can then assign the necessary re- 
sources and achieve consensus among diverse 
participants within the organization. Information 
security then becomes a financial control feature 
subject to audit in the same manner as other con- 
trol functions (see box 2-4). 35 Responsibility 
often may never be assigned in a particular corpo- 
ration or agency, however, unless a catastrophe 
occurs that gains the attention of, for example, 
stockholders (in a corporation or in the stock mar- 



ket) or Congress (in the federal government). Un- 
fortunately, by that time it is too late to apply 
safeguards to protect any information that was 
lost, copied, or damaged. 

Insurers and Disaster Recovery Services

Insurance helps spread and manage risk and therefore, in principle, protects an organization's information assets from losses. Insurance policies exist to protect against the loss of availability of networks in a disaster, threats from computer viruses, toll fraud, or claims made by a third party as a result of an error made by the organization. Users can also purchase computer disaster recovery services that can restore services in the event that the main computer center is incapacitated. Insurance for information losses does not cover the great majority of security threats, however, including losses arising from human or software errors from within the organization. 36 Organizations must continue to self-insure against monetary losses due to loss, theft, or exposure of networked information, using appropriate safeguards. 37 

35 For a description of how information systems are audited and "to assist management in evaluating cost/benefit considerations," see Institute of Internal Auditors Research Foundation, Systems Auditability and Control Report (Orlando, FL: Institute of Internal Auditors, 1991). 

To justify a market for broader insurance cover- 
age, risks must be assessable, the losses must be 
detectable and quantifiable, and the insurer must 
have confidence that the insured is acting in good 
faith to report all relevant information and is exer- 
cising reasonable care to avoid and mitigate 
losses. Network security is a dynamic field, however; losses are not necessarily detectable or quantifiable. The standards for due care and concepts of risk analysis for protecting networked information also are not necessarily adequately developed or dependable to allow insurance companies to make underwriting decisions (see earlier discussion). 38 Moreover, insurance companies may seek to protect themselves and price their policies too high, reflecting their uncertainty about the magnitude of losses, as well as their inability to verify the safeguards undertaken. 

Insurance companies are most likely to accommodate risks to networked information by modifying traditional coverage, but these risks are not always comparable with traditional risks such as the loss of availability from a natural disaster. Information can be "stolen" without removing it from the premises, for example. 



Ideally, broader insurance coverage for in- 
formation assets may help stabilize the market- 
place by forcing policyowners to meet minimum 
standards of due care or generally accepted prin- 
ciples and to perform risk analyses. The under- 
writers could audit the policyowners to ensure that 
they are following such methods. As more compa- 
nies buy insurance, the standards could become 
better developed, helping to improve the level of 
safeguards overall. On the other hand, insurance 
can also lead policyholders to become less vigi- 
lant and accept a level of risk that they would not 
accept without insurance (the problem of moral 
hazard). Insurance can also be expensive; invest- 
ing in personnel and technology may be a better 
investment for many organizations. 

Vendors and Developers

Critics argue that vendors and others who develop information products are primarily responsible for many faults that appear in software or hardware executing in the user's network. With great market pressure to continuously produce new and higher performance software, designing in safeguards and extensive quality testing take a lower priority and may negatively impact functionality, development cost, or compatibility with other products. Software developers sell new software packages with few or no guarantees that the programs are secure or free of undesirable characteristics, some of which are intentionally built in for various reasons, and some of which are unintentional ("bugs"). Moreover, the customer or client generally must pay for upgraded versions that repair the "bugs" in original versions or add new features such as security. Products are also not necessarily shipped with security features already switched "on." If products are not user-friendly or fully secure, users have no other choice except to write their own software, go without the safeguards, or make do with what is available. The buyers cannot necessarily articulate what features they want, and the developers are ultimately responsible for designing new and useful products. Given society's growing dependence on networked information, the question of the developers' responsibilities for secure and safe products will be increasingly important in coming years. This complex issue needs further attention, but is outside the scope of this report. 39 

36 See National Research Council, op. cit., footnote 6, pp. 174-176. 

37 In other areas, self-insurance schemes run the gamut, from the elaborate mechanism of a multinational corporation taking on the role of a health insurer for its employees (thereby avoiding a conventional insurer's profit margin and administrative costs), to a destitute driver "self-insuring" by simply not buying auto insurance and throwing risks onto the general public and him- or herself. 

38 Peter Sommer, "Insurance and Contingency Planning: Making the Mix," Computer Fraud and Security Bulletin, 1993, p. 5. 

Vendors and product developers often claim that buyers do not strongly demand safeguards. In a very competitive market for software, safeguards often add development cost and may require tradeoffs in functionality, compatibility, or capacity that users are not willing to make. Indeed, buyers are often accustomed to thinking of computers as isolated machines, and that security violations "won't happen to me." Users, therefore, often make computer operation simpler by disabling the safeguards that are provided with the product. Users may not perceive that threats are real, may lack the expertise to use the products, or may simply be willing to assume the associated risk. For whatever reason, the majority of safeguard failures in information networks are attributable to human errors in implementation and management of existing systems. 40 



Vendors are currently restricted from export- 
ing certain encryption products without a license 
granted by the State Department. The controlled products are those that the National Security Agency (NSA) deems "strong," that is, impractically difficult to decrypt should they be widely distributed internationally. At one time, NSA was the 
source of almost all encryption technology in the 
United States, because of its role in signals intelli- 
gence and securing classified information. How- 
ever, encryption technology has moved beyond 
the national-security market into the commercial 
market. Today, therefore, U.S. intelligence and 
law-enforcement agencies are concerned about 
strong encryption incorporated into integrated 
hardware and software products (including com- 
mercial, public-domain, and shareware products). 
Much of the controlled encryption is already 
available outside of the United States as stand- 
alone products developed legally overseas (some- 
times based on articles or books 41 legally 
exported overseas), or pirated, transported, or 
developed overseas illegally (e.g., infringing 
patents; see discussion of export controls in chap- 
ter 4). 

Vendors argue that foreign companies can now produce and export many such products and will capture more of the market for safeguards. 42 Moreover, since security features are usually embedded inside of other hardware and software products, foreign companies could capture more of the overall information technology market. On the other hand, buyers may not be demanding as much encryption protection for confidentiality as vendors claim. Further study into this issue is needed to determine more fully the effects of export controls on the ability of vendors and developers to supply affordable and user-friendly safeguards (see chapter 4). 

Photo: 'Clipper' Telephone Security Device (AT&T Surity 3600). 

39 National Research Council, op. cit., footnote 6, pp. 165-17[?]. 

40 Ross Anderson, "Why Cryptosystems Fail," Proceedings of the First ACM Conference on Computer and Communications Security, Nov. 5, 1993, Fairfax, VA, pp. 215-227. 

41 In one instance, the author of a book on cryptography received permission to export the book, including a printed appendix of source code listings to implement the algorithms and techniques described in the book, but was denied a license to export the same source code in machine-readable form. Bruce Schneier's book, Applied Cryptography (New York, NY: John Wiley & Sons, 1994), explains what cryptography can do, in nonmathematical language; describes how to build cryptography into products; illustrates cryptographic techniques; evaluates algorithms; and makes recommendations on their quality. According to Schneier, the State Department granted export approval for the book (as a publication, protected as free speech by the Constitution), but denied export approval for the source code disk. According to Schneier, this disk contained, "line for line, the exact same source code listed in the book." (Bruce Schneier, Counterpane Systems, Oak Park, IL, personal communication, July 1, 1994.) 

42 U.S. House of Representatives, Subcommittee on Economic Policy, Trade, and Environment, hearing on encryption export controls, Oct. 12, 1993. 

A number of important intellectual-property is- 
sues also have marked the industry, particularly 
pertaining to cryptography and software (see the 
1992 OTA report Finding a Balance: Computer 
Software, Intellectual Property, and the Chal- 
lenge of Technological Change for discussion of 
copyright and patent issues pertaining to software 
and computer algorithms). Selected intellectual 
property issues are discussed further in chapter 3. 

In summary, the dynamic technologies and 
markets that produced the Internet and a strong 
networking and software industry in the United 
States have not consistently yielded products free 
from defects or equipped with affordable, user- 
friendly safeguards. More study of software and 
product quality and liability is needed to fully un- 
derstand vendors' responsibilities. More study is 



also needed to understand the effect of export con- 
trols on the ability of vendors and developers to 
provide affordable safeguards. 

Standards-Setting Bodies

Standards used in this context are specifications 
written or understood by formal or informal agree- 
ments or consequences. Standards allow different 
products to work together, making products and 
services easier to use and less expensive and the 
market more predictable for buyers. Standards are 
particularly important in networks, since many 
parties on the network must store and communi- 
cate information using compatible formats and 
procedures — called protocols. In small or closed 
networks, all the users can employ the same pro- 
prietary equipment and protocols, but in large and 
open networks this is impractical. 

An important area of standards-setting is in the protocols used to send messages between computers. The Internet largely uses formats built upon the Transmission Control Protocol/Internet Protocol (TCP/IP). Other protocols include the Open Systems Interconnection (OSI) set. 43 The protocol of one system does not necessarily work with another system, and there is an effort to standardize or translate the various protocols so that computers can all talk easily with one another. To make this possible, some protocols may have to be abandoned, while others may be modified or translated when necessary. Without appropriate "placeholders" in currently developing protocol standards, it may be impossible in the future to set up and maintain desired network safeguards. 

Safeguards can be weakened as well as 
strengthened through the standards-setting proc- 
ess. Designers must often make compromises so 
that different protocols can work together. Main- 
taining the safeguarding features is only one as- 
pect of these modifications; other important 



43 See ISO/IEC, "Information Processing Systems — Open Systems Interconnection Reference Model — Part 2: Security Architecture," ISO 7498-2, 1988, and related standards. See also the report of the Federal Internetworking Requirements Panel (FIRP) established by NIST to address short- and long-term issues of internetworking and convergence of networking protocols, including the TCP/IP and OSI protocol suites. 
features include user-friendliness, flexibility, 
speed or capacity, and cost. 

The lack of any standards or too many stan- 
dards, however, significantly limits the effective- 
ness of many safeguards. In particular, safeguards 
that require each user of either end of a commu- 
nication to have compatible schemes — for send- 
ing messages, for example, or encrypting and 
decrypting telephone calls — benefit from the wid- 
est possible distribution of that product so that the 
users can communicate with more people. Even market-driven de facto standards, in such a case, are better than well-protected users who can communicate with only a few other users because of a wide variety of incompatible standards. 

Standards are set through bodies such as the Internet Engineering Task Force and the Internet Architecture Board, the International Organization for Standardization (ISO) 44 and the American National Standards Institute (ANSI), the former Comite Consultatif International Telegraphique et Telephonique (CCITT), 45 the European Computer Manufacturers Association (ECMA), the European Telecommunications Standards Institute (ETSI), the American Bankers Association (ABA), and the Institute of Electrical and Electronics Engineers (IEEE). 46 

In general, vendors in countries with markets 
and bodies that develop standards quickly can 
gain an advantage over vendors in other countries 
lacking quality standards. 47 Achieving the neces- 
sary consensus for quality standards is particular- 
ly difficult in the rapidly changing information 
industry, however, including the area of informa- 



tion safeguards. Standards are most effective 
when applied to relatively narrow, well-defined 
areas where there is a clear need for them. Policy- 
makers and others must therefore consider care- 
fully the balance between setting de jure standards 
versus allowing the market to diversify or drift to 
its own de facto standards. 

The National Institute of Standards and 
Technology (NIST) in the Department of Com- 
merce has a prominent role to work with these 
standards-setting bodies and also to develop Fed- 
eral Information Processing Standards (FIPS) for 
use by the federal government and its contractors. 
In particular, the Department of Commerce has re- 
cently issued two controversial FIPS that involve 
much larger debates over fundamental issues in- 
volving export controls, national-security and 
law-enforcement interests, and privacy — the Dig- 
ital Signature Standard (DSS) and the Escrowed 
Encryption Standard (EES). Broader efforts to 
protect networked information will be frustrated 
by cryptography-standards issues unless the proc- 
ess for establishing cryptography policy is clari- 
fied and improved (see chapter 4). 

Product Evaluations

Product evaluations in general are intended to 
help assure buyers that off-the-shelf computer and 
network equipment and software meet contract re- 
quirements and include certain acceptable safe- 
guards free of defects. Even relatively simple 
systems require that all but experts place a signifi- 
cant amount of trust in products and their vendors. 



44 Also known as the Organisation Internationale de Normalisation, and the International Standards Organization. 

45 The CCITT (also called the International Telegraph and Telephone Consultative Committee) has been reorganized in the International Telecommunication Union (ITU) in its new Telecommunication Standardization Sector. 

46 For further information, see Deborah Russell and G.T. Gangemi, op. cit., footnote 6, chapter 2 and appendix D. For further information on encryption standards, see Burt Kaliski, "A Survey of Encryption Standards," IEEE Micro, December 1993, pp. 74-81. 

47 For an overview of general standards-setting processes and options for improvement, see U.S. Congress, Office of Technology Assessment, Global Standards: Building Blocks for the Future, OTA-TCT-512 (Washington, DC: U.S. Government Printing Office, March 1992). See also David Landsbergen, "Establishing Telecommunications Standards: A Problem of Procedures and Values," Informatization and the Private Sector, vol. 2, No. 4, pp. 329-346. See also Carl F. Cargill, Information Technology Standardization: Theory, Process, and Organizations (Bedford, MA: Digital Press, 1989). 
Independent experts can evaluate these products 
against minimum qualifications and screen for de- 
fects, saving buyers the cost of errors that might 
result from making their own evaluations or from 
relying on the vendors. 

Large user organizations are often capable of 
running benchmarks and other tests of functional 
specifications for their constituents. Within the 
federal government, the Department of the Trea- 
sury evaluates products used for message authen- 
tication for federal government financial 
transactions, with input and testing services pro- 
vided by NSA and NIST. NIST validates products 
that incorporate the Data Encryption Standard 
(DES) and other FIPS. NSA provides several ser- 
vices: endorsements of cryptographic products for 
use by government agencies only; approvals of "protected network services" from telecommunications providers; a list of preferred and endorsed products and test services for TEMPEST equipment; 48 a list of degaussers (tools that demagnetize magnetic media) that meet government 
specifications; and the assignment of trust levels 
to "computer systems, software, and compo- 
nents" 49 (through the National Computer Securi- 
ty Center or NCSC 50 ). 

In the last case, the NCSC evaluates products against the Trusted Computer System Evaluation Criteria (TCSEC, the "Orange Book") and its related "Rainbow Series" books. 51 An evaluation 
refers here to the "assessment for conformance 
with a pre-established metric, criteria, or stan- 
dard," whereas an endorsement is an approval for 
use. 52 The NCSC makes these evaluations at no 
direct cost to vendors, but vendors must pay for 
considerable preparation and the process is often 
slow. This process in turn adds delays for buyers, 
who must pay for the overall development cost. 
Critics claim that the process leaves products obsolete by the time they are evaluated. 

The Orange Book also emphasizes access con- 
trol and confidentiality, and not other features 
such as integrity or availability more relevant to 
industry, civilian agencies, or individuals. This 
emphasis is a direct result of the Orange Book's 
Department of Defense history; applications in- 
volving classified information and national secu- 
rity require trusted systems that emphasize 
confidentiality. Critics claim that this emphasis is 
too slow to change and perpetuates an obsolete ap- 
proach. Some also claim that the rating of the eval- 
uated product should pertain to its condition "out 
of the box," not after the security features have 
been switched on by a security professional. 

To attempt to meet the needs of other buyers, 
NIST is developing a complementary process that 
would delegate evaluations of lower level security 



48 The U.S. government established the TEMPEST program in the 1950s to eliminate compromising electromagnetic emanations from electronic equipment, including computers. Without such protection, an adversary may detect faint emanations (including noise) from outside the room or building in which the user is operating the computer, and use the emanations to reconstruct information. TEMPEST products are used almost exclusively to protect classified information. 

49 National Security Agency, Information Systems Security Organization, Information Systems Security Products and Services Catalog (Washington, DC: U.S. Government Printing Office, 1994), p. vii. The word systems often appears in this context but is misleading; the trust levels are actually assigned to products. See the discussion below on certification and accreditation. 

50 The National Computer Security Center was established from the Department of Defense Computer Security Initiative, which in turn was 
a response to identified security weaknesses in computers sold to the Department of Defense. 

51 So called because each book is named after the color of its cover. The first in the series is the Orange Book. See U.S. Department of Defense, DOD Trusted Computer System Evaluation Criteria (TCSEC), DOD 5200.28-STD (Washington, DC: U.S. Government Printing Office, December 1985). The Orange Book is interpreted for networked applications in the "Red Book." See National Computer Security Center, NCSC Trusted Network Interpretation, NCSC-TG-005 (Washington, DC: U.S. Government Printing Office, July 1987). See also the "Yellow Book": National Computer Security Center, Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements — Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments, CSC-STD-004-85 (Washington, DC: U.S. Government Printing Office, June 25, 1985). 

52 National Security Agency, op. cit., footnote 49, pp. 4-28, 4-29. 
products to third parties certified by the U.S. gov- 
ernment. This program, the Trusted Technology 
Assessment Program (TTAP), is under develop- 
ment and would be managed by NIST. The evalu- 
ators could charge for the evaluations, but would 
compete to provide timely and inexpensive ser- 
vice. The overall cost might be lower, and prod- 
ucts may be brought to market more quickly. This 
process resembles the Commercially-Licensed 
Evaluation Facilities (CLEF) program currently 
in use in the United Kingdom. 

Another alternative suggested by NIST is to al- 
low the vendors to validate claims on their own 
products for low-level security applications. This 
strategy could exist on its own or coexist with the 
TTAP described above. The vendors would be 
guided by using criteria and quality control tests 
built into the development process. While this al- 
ternative may be acceptable in many cases, an in- 
dependent evaluation using personnel not 
employed by the vendor may be preferable. 53 

In these or other alternatives, evaluators could 
work on their own to develop new criteria. If too 
many differing criteria are developed for evaluat- 
ing products, however, the market could be frag- 
mented and vendors may be forced to develop and 
market many different products. Such fragmenta- 
tion adds to cost, delays, and confusion for the 
buyer, defeating the purpose of the evaluations. In 
practice, relatively few sets of criteria may be 
widely used. 

Meanwhile, the European Community follows its own product evaluation standard called the Information Technology Security Evaluation Criteria (ITSEC), or Europe's "White Book." These criteria are based in part on the U.S. Rainbow Series as well as earlier European standards. The ITSEC is less hierarchical and defines different categories of requirements depending on the application. The ITSEC was developed by France, Germany, the Netherlands, and the United Kingdom and was published in 1991. 54 

The differing European and U.S. criteria split 
the market for vendors, making products more ex- 
pensive to develop and test, and possibly driving 
out some vendors. NIST and NSA, therefore, pro- 
posed a new set of criteria to promote international 
harmonization of criteria as well as improve the 
existing Rainbow Series criteria, and to address 
better commercial requirements. A draft of these 
proposed "Federal Criteria" was published in De- 
cember 1992 and received comment throughout 
1993. 55 

NIST and NSA have since subsumed this proj- 
ect to work with the European Community and 
Canada toward an international standard — the 
Common Information Technology Security Crite- 
ria, or draft "Common Criteria" — expected in 
1994. The Common Criteria would incorporate 
the experience gained from the existing U.S. 
Rainbow Series (and the comments received on 
the draft Federal Criteria), the European ITSEC, 
and the Canadian Trusted Computer Product 
Evaluation Criteria. 

However, the resolution of an international 
agreement is not final. The proposal has met criti- 
cism for not incorporating foreign participation 
from Japan, Australia, and other countries. Critics 
also claim there is not enough participation from 
the private sector and that the intelligence sector, 
therefore, will drive any agreement too much toward protecting confidentiality rather than emphasizing other important features of safeguards. 
Even if agreement were completed, products that 
meet the Common Criteria will not be evaluated 
immediately as vendors must first interpret the 



53 National Research Council, op. cit., footnote 6. p. 128. 

54 Commission of the European Communities, Information Technology Security Evaluation Criteria: Provisional Harmonised Criteria, version 1.2, June 1991. 

55 U.S. Department of Commerce, National Institute of Standards and Technology, "Federal Criteria for Information Technology Security," December 1992. 
new criteria and then evaluate existing products or 
develop new ones. 

The trusted product evaluation process is not 
and will not soon be effective for delivering prod- 
ucts that adequately protect networked informa- 
tion. Alternatives to the current approach appear 
promising, however, including (but not limited to) 
NIST's proposed Trusted Technology Assess- 
ment Program. 

System Certifications and Accreditations

The evaluations described above evaluate prod- 
ucts but not systems. A product can be defined as 
an off-the-shelf hardware or software product that 
can be used in a variety of operating environ- 
ments. A system, on the other hand, is designed for 
a specific user and operating environment. "The 
system has a real world environment and is sub- 
ject to real world threats. In the case of a product, 
only general assumptions can be made about its 
operating environment and it is up to the user, 
when incorporating the product into a real world 
system, to make sure that these assumptions are 
consistent with the environment of that sys- 
tem." 56 Product evaluations alone can overesti- 
mate the level of security for some applications, or 
if the product is not implemented correctly in the 
system. 

Increasingly, computers are becoming con- 
nected via networks and are being organized 
into distributed systems. In such environments a 
much more thorough system security analysis is 
required, and the product rating associated with 
each of the individual computers is in no way a 
sufficient basis for evaluating the security of the 
system as a whole. This suggests that it will be- 



come increasingly important to develop meth- 
odologies for ascertaining the security of 
networked systems, not just evaluations for indi- 
vidual computers. Product evaluations are not 
applicable to whole systems in general, and as 
"open systems" that can be interconnected rela- 
tively easily become more the rule, the need for 
system security evaluation, as distinct from 
product evaluation, will become even more crit- 
ical. 57 

DOD examines systems — a process called cer- 
tification — to technically assess the appropriate- 
ness of a particular system to process information 
of a specific sensitivity in its real-world environ- 
ment. 58 A DOD certification is thus an analysis re- 
lated to the system requirements. 59 The 
subsequent step of accreditation refers to the for- 
mal approval by a designated authority to use the 
system in that particular environment. The accred- 
itation should take account of the results of the 
certification, but may not necessarily reflect it; the 
accreditation also takes account of nontechnical 
(business and political) considerations and is the 
ultimate decision regarding the system. 

Certification attempts to encompass a systems 
approach to security and is a much more complex 
process than product evaluation. The National Re- 
search Council noted that 

. . . Unfortunately, the certification process 
tends to be more subjective and less technically 
rigorous than the product evaluation process. 
Certification of systems historically preceded 
Orange Book-style product evaluation, and cer- 
tification criteria are typically less uniform, that 
is, varying from agency to agency. . . . 60 

The report goes on to recommend that a set of 
generally accepted principles include guidelines 



56 Krish Bhaskar. op. cit.. footnote 6. p. 298. 

57 National Research Council, op. cit., footnote 6, pp. 138-139.

58 National Computer Security Center, Introduction to Certification and Accreditation, NCSC-TG-029 (Fort George G. Meade, MD: Na-
tional Computer Security Center, January 1994).

59 The system certification concept here is distinct from the user examination and certification, and the key certification concepts discussed 
in other sections. 

60 National Research Council, op. cit., footnote 6, p. 137.
"to institute more objective, uniform, rigorous
standards for system certification." These prin- 
ciples are currently under development (see the 
following section). 

■ Generally Accepted Practices and
Principles

Generally accepted practices can be documented 
and adopted to help guide information security 
professionals and vendors. These practices would 
act much as Generally Accepted Accounting Prin- 
ciples standardize practices for accountants (see 
box 2-4). Such practices could help advance pro- 
fessional examinations; provide standards of due 
care to guide users, managers, and insurance com- 
panies; and give vendors design targets. To be 
comprehensive, however, the generally accepted 
practices must be defined at several levels of de- 
tail, and different sets of standards would apply to 
different users and applications. The establish- 
ment of generally accepted principles was sug- 
gested by the National Research Council in 
1991. 61 

The Institute of Internal Auditors has a docu- 
ment "intended to assist management in evaluat- 
ing cost/benefit considerations" as well as to 
"[p]rovide internal audit and information systems 
practitioners with specific guidelines and techni- 
cal reference material to facilitate the implementa- 
tion and verification of appropriate controls." 62 
The Organization for Economic Cooperation and 
Development (OECD) has developed general 
guidelines to help member countries in informa- 
tion-security issues. The guidelines were adopted 
in 1992 by the OECD Council and the 24 member
nations. These guidelines list nine general prin- 



ciples and several measures to implement them. 
The guidelines are intended to serve as a frame- 
work for both the private and public sectors. 63 64 

The Information Systems Security Association 
(ISSA) is in the process of developing a compre- 
hensive set of Generally Accepted System Securi- 
ty Principles (GSSPs) for professionals and 
information-technology product developers to 
follow. The ISSA effort includes members from 
the federal government (through NIST), and rep- 
resentatives from Canada, Mexico, Japan, the Eu- 
ropean Community, and industry. The Clinton 
Administration has also supported NIST's efforts 
in GSSPs in its National Performance Review. 65 
The success of these principles, when completed, 
will depend on their speedy adoption by govern- 
ment, industry, and educational institutions. 

The ISSA has divided the principles into two 
sets. The first — the Information Security Profes- 
sional GSSPs — is aimed at professionals, includ- 
ing managers, developers, users, and auditors and 
certifiers of users. The second group — the GSSPs 
for Hardware and Software Information Prod- 
ucts — is aimed at products and the auditors and 
certifiers of products. Each of these sets of GSSPs 
has a three-tier hierarchy of pervasive principles, 
broad operating/functional principles, and de- 
tailed security principles. 

The pervasive principles adapt and expand on 
the OECD principles described above. The broad 
operating/functional principles are more specific 
and are based on many documents such as the 
NSA Rainbow Series, FIPS, Electronic Data 
Processing Auditors Association Control Prin-
ciples, and the United Kingdom's Code of Prac-
tice for Information Security Management. 66 The



61 Ibid. 

62 See Institute of Internal Auditors Research Foundation, op. cit., footnote 35, pp. 1-4 to 1-6.

63 Organization for Economic Cooperation and Development, Information, Computer, and Communications Policy Committee, "Guide-
lines for the Security of Information Systems," Paris, November 1992.

64 The United Nations has relatively specific guidelines for its organizations. See United Nations, op. cit., footnote 1.

65 Office of the Vice President, Accompanying Report of the National Performance Review, Reengineering Through Information Technolo-
gy (Washington, DC: U.S. Government Printing Office, September 1993).

66 Department of Trade and Industry, A Code of Practice for Information Security Management, 1993.
detailed principles address the practical applica-
tion of the other principles, and are expected to 
change frequently to stay current with evolving 
threats. The detailed principles will include step- 
by-step procedures of common security tasks,
prevalent practices, and so forth. 67 

Generally accepted principles have strategic 
importance to other aspects of networked in- 
formation, such as for establishing due care guide-
lines for cost-justifying safeguards, as targets for 
training and professional certification programs, 
and as targets for insurance coverage. The current 
effort in GSSP will not produce immediate re- 
sults, but the effort is overdue and OTA found 
wide support for its mission. 

■ Professional Organizations and
Examinations

The educational and career paths for information- 
security practitioners and managers are not so ma- 
ture as in other fields, such as accounting or law. 
The field could benefit from the professional de- 
velopment of security practitioners and managers. 
Security professionals enter the field from widely 
diverse disciplines, and managers cannot neces- 
sarily compare the expertise of applicants seeking 
positions as security professionals. Professional 
recognition credits individuals who show initia- 
tive and perform well against a known standard. 
University computer science departments lack 
programs specializing in information safeguards; 
but professional examinations provide a target for 
institutions that graduate computer scientists or 
provide continuing education in safeguards. 

Certifications 68 in other fields of computing in- 
clude the Certified Systems Professional, the Cer- 



tified Computer Programmer, and the Certified 
Data Processor (all from the Institute for Certifica- 
tion of Computer Professionals, or ICCP), and the 
Certified Information Systems Auditor (from the 
Electronic Data Processing Auditors Associa- 
tion). The Systems Security Examination of the 
ICCP allows professionals with diverse responsi- 
bilities to have a certification that includes in- 
formation safeguards. 69 These organizations have 
extended or have proposed extending existing cer- 
tifications to include information security, but 
none focus directly on it. 

The International Information Systems Securi-
ty Certification Consortium (ISC²) is developing
an information security certification in coopera- 
tion with the federal government (through NIST 
and NSA), the Canadian government, Idaho State 
University, the Data Processing Management 
Association, Electronic Data Processing Auditors 
Association, the Information Systems Security 
Association, the International Federation for In- 
formation Processing, the Canadian Information 
Processing Society, the Computer Security Insti- 
tute, and others. The consortium expects to ex- 
amine about 1,500 professionals per year up to an
ongoing pool of about 15,000 certified profes- 
sionals. 70 

Efforts to "professionalize" the information se- 
curity field are important steps, but will not pro- 
duce significant results for some time. Their 
success is also related to the success of Generally 
Accepted System Security Principles and their 
adoption in industry and government. It is unclear 
whether professional examinations and certifica- 
tions will ever have a strong impact in an industry 
that is as dynamic and evolutionary as information 



67 Information Systems Security Association, Inc., GSSP Committee, "First Draft of the Generally Accepted System Security Principles,"
Sept. 22, 1993.

68 The user certification concept here is distinct from the system certification and accreditation, and the key certification concepts discussed 
in other sections. 

69 Corey D. Schou, W. Vic Maconachy, F. Lynn McNulty, and Arthur Chantker, "Information Security Professionalism for the 1990s,"
Computer Security Journal, vol. IX, No. 1, p. 27. See also Institute for Certification of Computer Professionals, "The Systems Security Ex-
amination of the Institute for Certification of Computer Professionals (ICCP)," Computer Security Journal, vol. VI, No. 2, p. 79.

70 Philip E. Fites, "Computer Security Professional Certification," Computer Security Journal, vol. V, No. 2, p. 75.
networking. Engineers in the information indus-
try, for example, have not widely adopted the li- 
censing of professional engineers. Engineering 
examinations and licenses are more effective in 
relatively stable fields, such as the construction 
and oil industries. Examinations and certifica- 
tions are also effective, however, where liability 
and the protection of assets is involved, as in ac- 
counting and construction. 

■ Public-Key Infrastructure

Information networks must include important 
clearinghouse and assurance functions if electron- 
ic commerce and other transactions are to be more 
widespread and efficient (see chapter 3). 71 These 
functions include the exchange of cryptographic 
keys between interested parties to authenticate 
each party, protect the confidentiality and/or the 
integrity of the information, and control a copy-
right (see box 2-3). 72 In all cases, the two commu-
nicating parties must first hold at least one key in
common (a shared secret key, or an authentic copy
of the other party's public key) before any other
transactions can proceed, if only to transmit other
keys for various purposes. A means to do this effi-
ciently, and at the scale of a large network, is
called a public-key infrastructure.

Each party could generate its own key pair and 
exchange public keys between themselves, or 
publish its public keys in a directory. 73 A key-dis- 
tribution center can also distribute public keys 
electronically over a network, or physically trans- 
port them. While manual techniques are accept- 



able for small networks, they are unwieldy for 
large networks and electronic commerce where 
keys must be changed often over long distances 
and between parties that have never met. 

Instead, experts envision broader use of elec- 
tronic commerce and other transactions by devel- 
oping trusted electronic systems for distributing 
and managing keys electronically. In order for the 
users to trust the keys they receive, some party 
must take responsibility for their accuracy. One 
way to do this is to embed each user's key in a digi-
tally signed message (certificate) signed by a
trusted third party. The two parties then authenti- 
cate each other with the public keys and proceed 
with their communications (see box 2-5).

The trusted third party is often referred to as a 
certification authority (CA), and plays an impor- 
tant role in these electronic commerce transac- 
tions. 74 The CA confirms the identity of each 
party at the beginning of the process, and presents 
the user with a certificate (signed by a digital sig- 
nature) with the user's public key. 75 The CA also
keeps a record of invalidated certificates; a user 
can check another user's certificate to see if it ex- 
pired or was otherwise invalidated. The CA could 
also act as a notary public to certify that an action 
occurred on a certain date, 76 act as an archive to
store a secure version of a document, or may be 
associated with key distribution, although other 
entities could also manage such functions. 



71 Important clearinghouse functions include matching buyers to sellers, exchanging electronic mail, clearing payments, and so forth. See
Michael S. Baum and Henry H. Perritt, Jr., Electronic Contracting, Publishing, and EDI Law (New York, NY: Wiley Law Publications, 1991).
See also U.S. Congress, Office of Technology Assessment, Electronic Enterprise: Looking to the Future, OTA-TCT-600 (Washington, DC: U.S.
Government Printing Office, May 1994).

72 See the Journal of the Interactive Multimedia Association Intellectual Property Project, vol. 1, No. 1 (Annapolis, MD: Interactive Multi-
media Association, January 1994).

73 Morrie Gasser, op. cit., footnote 6, pp. 258-260. See also Walter Fumy and Peter Landrock, "Principles of Key Management," IEEE Jour-
nal on Selected Areas in Communications, vol. 11, No. 5, June 1993, pp. 785-793.

74 The key certification concept here is distinct from the system certification and accreditation, and the user examination and certification 
concepts discussed in other sections. 

75 See the explanation in Stephen T. Kent, "Internet Privacy Enhanced Mail," Communications of the ACM, vol. 36, No. 8, August 1993, pp.
48-59.

76 Barry Cipra, "Electronic Time-Stamping: The Notary Public Goes Digital" and "All the Hash That's Fit To Print," Science, vol. 261, July
9, 1993, pp. 162-163.
BOX 2-5: How Are Cryptographic Keys Exchanged Electronically?



Whenever messages are encrypted in a network, there must be a method to safely exchange cryp- 
tographic keys between any two parties on a regular basis. Two public-key methods described here 
allow frequent electronic key exchanges without allowing an eavesdropper to intercept the key.

In the "key transport" or "key distribution" method, a user (Carol) generates a session key, and en- 
crypts it with the other user's (Ted's) public key (see figure 2-4). Carol then sends the encrypted session 
key to Ted, and Ted decrypts it with his private key to reveal the session key.

To protect against fake or invalid public keys, a party can send his or her public key in a certificate 
digitally signed by a certification authority (CA) according to its standard policy. If the other party 
doubts the certificate's validity, it could use the CA's public key to confirm the certificate's validity. It also 
could check the certificate against a "hot list" of revoked certificates and contact the CA for an updated 
list.

In the Diffie-Hellman method, 1 each party (Alice and Bob) first generates his or her own private key 
(see figure 2-5). From the private key, each calculates a related public key. The calculation is one-
way—the private key cannot be deduced from the public key. 2 Alice and Bob then exchange the public
keys, perhaps through a clearinghouse that facilitates the operation. 

Alice then can generate a whole new key — the session key — by combining Bob's public key with 
Alice's own private key. Interestingly, due to the mathematical nature of this system, Bob obtains the 
same session key when he combines Alice's public key with his private key. 3 An eavesdropper who sees
only the two public keys cannot obtain the session key: he or she holds neither private key, and computing
the session key from the public keys alone is believed to be intractable (see note 3). An active attacker
who can substitute public keys is a different matter, which is why the public keys must be authenticated.



1 W. Diffie and M.E. Hellman, "New Directions in Cryptography," IEEE Transactions on Information Theory, vol. 22, 1976, pp.
644-654.

2 In the Diffie-Hellman technique, the public key (y) is computed by raising an agreed public base (g) to the power x, modulo a large
prime (p), where x is the random private key: y = g^x mod p. This modular exponentiation, even with very large numbers, is a relatively easy
calculation compared with the reverse operation of finding x, the discrete logarithm of y.

3 Using the Diffie-Hellman technique, one party raises the other's public key (y) to the power of his or her own private key (x), modulo
p. The result is the same for both parties due to the properties of exponents: (g^x)^x' and (g^x')^x are both g^(xx') mod p. The reverse
operation of finding the logarithm using only the public keys and other publicly available parameters appears to be computationally intractable.

SOURCE: Office of Technology Assessment, 1994.
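The two-party exchange of figure 2-5, as a worked example added to this section; it is not code from the OTA report or from any of its sources. It is written in Go and follows the notation of notes 2 and 3 (x private, y = g^x mod p public), with p and g taken from the 2048-bit group published in RFC 3526, which postdates the report. The function names, the party names, and the transcription of the group constant are this example's own assumptions, and the code re-checks that p is a safe prime before using it. Beyond what the box describes, it rejects degenerate public values and acts out the note to figure 2-4: when Mallory substitutes her own public value in each direction, the arithmetic succeeds for everyone, and only an authenticity check on y would reveal the swap.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"math/big"
)

// Group parameters: the 2048-bit MODP group of RFC 3526 (group 14), a safe prime p = 2q+1 with g = 2,
// transcribed here so the example runs offline. LoadParams re-checks primality rather than trust it.
const rfc3526Group14 = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74" +
	"020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437" +
	"4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +
	"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05" +
	"98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" +
	"9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" +
	"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718" +
	"3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF"

// Params is the public group every party agrees on in advance; Q = (P-1)/2 is the order of g's subgroup.
type Params struct{ P, Q, G *big.Int }

// LoadParams parses the constant and refuses to proceed unless p and q are both prime.
func LoadParams() (*Params, error) {
	p, ok := new(big.Int).SetString(rfc3526Group14, 16)
	if !ok {
		return nil, fmt.Errorf("group constant is not valid hex")
	}
	q := new(big.Int).Rsh(new(big.Int).Sub(p, big.NewInt(1)), 1)
	if !p.ProbablyPrime(20) || !q.ProbablyPrime(20) {
		return nil, fmt.Errorf("p is not a safe prime; refusing to use the group")
	}
	return &Params{P: p, Q: q, G: big.NewInt(2)}, nil
}

// Party holds one side's private key x and public value y = g^x mod p (the notation of notes 2 and 3).
type Party struct{ x, Y *big.Int } // x never leaves this struct; Y is sent to the peer

// NewParty draws x uniformly from [1, q-1] and computes y. This is the one-way step: y is cheap to
// compute from x, but recovering x from y is the discrete-logarithm problem.
func NewParty(pr *Params) *Party {
	x, err := rand.Int(rand.Reader, new(big.Int).Sub(pr.Q, big.NewInt(1)))
	if err != nil {
		panic(err) // no usable entropy source; a key made without one would be worthless
	}
	x.Add(x, big.NewInt(1))
	return &Party{x: x, Y: new(big.Int).Exp(pr.G, x, pr.P)}
}

// CheckPublicValue rejects a peer value outside [2, p-2] or outside the order-q subgroup; without it a
// peer can send y = 1 or a small-order element and force the "shared" key into a few guessable values.
func CheckPublicValue(pr *Params, y *big.Int) error {
	if y.Cmp(big.NewInt(2)) < 0 || y.Cmp(new(big.Int).Sub(pr.P, big.NewInt(2))) > 0 {
		return fmt.Errorf("public value out of range")
	}
	if new(big.Int).Exp(y, pr.Q, pr.P).Cmp(big.NewInt(1)) != 0 {
		return fmt.Errorf("public value is not in the prime-order subgroup")
	}
	return nil
}

// SessionKey computes peerY^x = g^(x_peer*x) mod p, the same number from either side, and hashes it to
// a 256-bit key: the raw group element has structure and must not be used as a key directly.
func (p *Party) SessionKey(pr *Params, peerY *big.Int) ([]byte, error) {
	if err := CheckPublicValue(pr, peerY); err != nil {
		return nil, err
	}
	buf := make([]byte, (pr.P.BitLen()+7)/8) // fixed width, so leading zero bytes hash consistently
	new(big.Int).Exp(peerY, p.x, pr.P).FillBytes(buf)
	k := sha256.Sum256(buf)
	return k[:], nil
}

// Exchange runs figure 2-5 between two honest parties and reports whether they derived the same key.
func Exchange(pr *Params, a, b *Party) bool {
	ka, _ := a.SessionKey(pr, b.Y) // no error is possible here: both values came from NewParty
	kb, _ := b.SessionKey(pr, a.Y)
	return subtle.ConstantTimeCompare(ka, kb) == 1
}

// ManInTheMiddle is the note to figure 2-4 in action: Mallory hands each side her own y in place of
// the peer's. Each honest party then shares a key with Mallory, not with its peer, and the arithmetic
// gives no hint of the swap; only a certificate or other check on y's authenticity can.
func ManInTheMiddle(pr *Params, a, b, m *Party) (honestAgree, mHasA, mHasB bool) {
	ka, _ := a.SessionKey(pr, m.Y)  // Alice is handed Mallory's value as if it were Bob's
	kb, _ := b.SessionKey(pr, m.Y)  // and Bob likewise
	kma, _ := m.SessionKey(pr, a.Y) // Mallory completes both exchanges herself
	kmb, _ := m.SessionKey(pr, b.Y)
	eq := func(u, v []byte) bool { return subtle.ConstantTimeCompare(u, v) == 1 }
	return eq(ka, kb), eq(ka, kma), eq(kb, kmb)
}

func main() {
	pr, err := LoadParams()
	if err != nil {
		panic(err)
	}
	alice, bob, mallory := NewParty(pr), NewParty(pr), NewParty(pr)
	fmt.Println("honest exchange, keys agree:", Exchange(pr, alice, bob))
	fmt.Println("Mallory in the middle (Alice/Bob agree, Mallory holds Alice's key, Bob's key):")
	fmt.Println(ManInTheMiddle(pr, alice, bob, mallory))
}
```

Run with go run: the honest exchange agrees, while the substituted exchange leaves Alice and Bob with different keys, each of which Mallory also holds. That gap is exactly what the certificates described in the text are meant to close, which is why the subgroup and range checks here guard only against malformed values, not against an impostor with a well-formed one.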



The two parties in a transaction might have dif- 
ferent CAs depending on their location, function, 
and so forth. Each CA would then have to assure 
itself its underlying security policy assumptions 
are not violated when handing off from one inter- 
mediary to another. To do this, each CA would 
confirm that each other CA was authentic, and that
the other CAs' policies for user authentication 
were adequate. 
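The CA functions described above and in box 2-5 (confirming an identity and signing a certificate that carries the user's public key, keeping a signed "hot list" of invalidated certificates, and one CA vouching for another so that a relying party can hand off between intermediaries), as a worked example added here; it is not code from the report. It uses Go's standard-library X.509 support with ECDSA keys, a certificate format and signature algorithm that postdate the report. The CA names, user names, and serial numbers are assumptions for illustration, and the policy judgement the text asks of each CA is reduced here to "signed by a CA I already trust". The relying party trusts only the root: Carol's certificate is accepted through the issuing CA, Ted's is rejected because its serial number is on the issuing CA's signed list, and a certificate from a CA outside the trust set is refused before any list is consulted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// authority is a CA: a certificate carrying its public key, plus the private key it signs with.
type authority struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// certTemplate describes an end-user certificate: who, which serial number, and for how long.
func certTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
}

// newCA makes a CA. With parent == nil it signs its own certificate (a trust anchor); otherwise the
// parent signs it, which is one CA vouching for another's key and policy.
func newCA(name string, serial int64, parent *authority) *authority {
	key, tmpl := newKey(), certTemplate(name, serial)
	tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	issuer, signer := tmpl, key
	if parent != nil {
		issuer, signer = parent.cert, parent.key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, signer))
	return &authority{cert: must(x509.ParseCertificate(der)), key: key}
}

// issue is the CA's core act: having confirmed out of band who holds pub, it signs a certificate
// binding name to pub. The serial number is what the hot list later refers to.
func (ca *authority) issue(name string, serial int64, pub *ecdsa.PublicKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, certTemplate(name, serial), ca.cert, pub, ca.key))
	return must(x509.ParseCertificate(der))
}

// hotList publishes the CA's record of invalidated certificates as a CRL, signed and with an expiry.
func (ca *authority) hotList(serial int64) []byte {
	now := time.Now()
	return must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(serial), RevocationTime: now}},
	}, ca.cert, ca.key))
}

// check is the relying party: chain cert to a root it trusts (through intermediates it does not trust
// a priori), then consult the issuer's hot list only if that issuer signed it and it has not expired.
func check(cert *x509.Certificate, roots, inters *x509.CertPool, crlDER []byte, now time.Time) error {
	chains, err := cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil { // chains[0][1] is the CA whose signature on cert was just verified
		err = crl.CheckSignatureFrom(chains[0][1])
	}
	if err != nil {
		return fmt.Errorf("hot list rejected: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return fmt.Errorf("hot list expired at %v; fetch an updated one", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates { // Go 1.21+ also exposes RevokedCertificateEntries
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("certificate %v (%s) revoked on %v", cert.SerialNumber, cert.Subject.CommonName, rc.RevocationTime)
		}
	}
	return nil
}

// scenario: a root CA, an issuing CA under it, Carol and Ted (Ted later revoked), and a stranger
// whose CA nobody vetted; it returns the relying party's verdict on each.
func scenario() (carol, ted, stranger error) {
	root := newCA("Root CA", 1, nil)
	issuing := newCA("Issuing CA", 2, root)
	carolCert := issuing.issue("Carol", 10, &newKey().PublicKey)
	tedCert := issuing.issue("Ted", 11, &newKey().PublicKey)
	crl := issuing.hotList(11)
	strangerCert := newCA("Unvetted CA", 3, nil).issue("Stranger", 12, &newKey().PublicKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root.cert)
	inters.AddCert(issuing.cert)
	verdict := func(c *x509.Certificate) error { return check(c, roots, inters, crl, time.Now()) }
	return verdict(carolCert), verdict(tedCert), verdict(strangerCert)
}

func main() {
	carol, ted, stranger := scenario()
	fmt.Printf("Carol: %v\nTed: %v\nStranger: %v\n", carol, ted, stranger)
}
```

The order of the checks is the point: the hot list is consulted only after the chain has been verified, and the list itself is believed only if it carries the issuing CA's signature and has not passed its own expiry, since an attacker who can serve a stale or forged list could otherwise bring a revoked certificate back to life.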

Certification authorities have been established 
for use with Internet Privacy-Enhanced Mail and 
other functions. The recently formed CommerceNet
prototype, for example, will use public keys
certified through existing and future authorities. 77 
"Value-added" telecommunication providers al- 
ready perform several electronic data interchange 
(EDI) services such as archiving, postmarking, 
acknowledging receipt, and assuring interoper- 
ability with other value-added carriers. Such carri- 
ers typically concentrate in one business sector 
but could, in principle, expand to provide services 
to a larger and more diverse market. Banks also 
have experience with storing valuable documents 



77 For a description of CommerceNet, see John W. Verity, "Truck Lanes for the Info Highway," Business Week, Apr. 18, 1994, pp. 112-114.
FIGURE 2-4: Secret-Key Distribution Using Public-Key Cryptography

NOTE: Security depends on the secrecy of the session key and private keys, as well as the authenticity of the public keys.



(e.g., in safe deposit boxes), selling checks backed 
by their own funds, fulfilling conditions under 
trust agreements, and employing individuals who 
act as notaries public. Such experience could also 
be extended to electronic commerce to act as CAs
or to perform other functions. 

The U.S. Postal Service has proposed that it 
also become a certification authority. 78 Those de- 
siring distribution of public keys would identify 



themselves at a Post Office in the same manner 
that identification for passports is accomplished 
today. The certificates would be available online 
through existing networks such as the Internet and 
would be authenticated with a Postal Service pub- 
lic key. Additional transaction services would be 
provided for time and date stamping and archiv- 
ing, all authenticated with the Postal Service 



78 Mitre Corp., "Public Key Infrastructure Study," contractor report prepared for the National Institute of Standards and Technology, April 
1994. 
FIGURE 2-5: Diffie-Hellman Key Exchange

public key. 79 Proponents point out that the Postal
Service is already trusted with important docu- 
ments and is widely located. Critics note that al- 
though it provides certified mail services, the 
Postal Service has no real experience in electronic 
commerce; important details remain to be re- 
solved regarding liability and accountability. 

The establishment of a system of certification 
authorities and legal standards is essential for the 



development of a public-key infrastructure, 
which, in turn, is strategic to electronic commerce 
and to networked information in general (see 
chapter 3). Current proposals for a public-key in-
frastructure need further pilot testing, develop- 
ment, and review, however, before successful 
results can be expected. 



79 Richard Rothwell, Technology Applications, U.S. Postal Service, personal communication, June 15, 1994.
■ Emergency Response Teams

Any network benefits from having a central clear- 
inghouse for information regarding threats to the 
network. In small networks, the "clearinghouse"
may be simply the system administrator who 
manages the network. Larger networks often have 
a team of individuals who collect and distribute 
information for the benefit of the system administra-
tors of its member networks. Such clearing-
houses — called "emergency response teams" or 
"incident response teams" — are vital to large net- 
works of networks such as the Internet. 

The most prominent of these is the Computer 
Emergency Response Team (CERT), sponsored 
since 1988 by the Software Engineering Institute 
at Carnegie Mellon University and the Depart- 
ment of Defense's Advanced Research Projects 
Agency (ARPA). CERT provides a 24-hour point 
of contact available by telephone, facsimile, or 
electronic mail. CERT collects information about 
vulnerabilities; works with vendors and develop- 
ers, universities, law-enforcement agencies, 
NIST, and NSA to eliminate the vulnerabilities 
and threats; and disseminates information to sys- 
tems administrators and users to eliminate vulner- 
abilities where possible. According to its policy, 
CERT does not disseminate information about 
vulnerabilities without an associated solution 
(called a "patch") since malicious users could ex- 
ploit the vulnerability before the majority of users
had time to develop their own repairs. Some 
claim, however, that CERT could be more effec- 
tive by readily disseminating information about 
vulnerabilities so that users can design their own
patches, or perhaps if no solutions are found after 
a fixed period of time. 



CERT is not the only emergency response 
team. The Defense Data Network (DDN) Security 
Coordination Center, sponsored by the Defense 
Communications Agency and SRI International, 
is a clearinghouse for vulnerabilities and patches 
on the MILNET. 80 The Computer Incident Advi- 
sory Capability was established at Lawrence Liv- 
ermore Laboratory to provide a clearinghouse for 
classified and unclassified information vulnerabi- 
lities within the Department of Energy, including 
those relating to the Energy Science Network (ES- 
net). 81 

These and other emergency response teams 
form the Forum of Incident Response and Securi- 
ty Teams (FIRST), created by ARPA and NIST. 
The forum is intended to improve the effective- 
ness of individual and overall response efforts. Its 
members include groups from industry, academia, 
and government, both domestic and internation- 
al. 82 

The Administration has proposed that NIST, in 
coordination with the Office of Management and 
Budget and NSA, develop a governmentwide cri- 
sis response clearinghouse. This clearinghouse 
would serve existing or newly created agency re- 
sponse teams to improve the security of agency 
networks. 83 

Emergency response efforts are vital to safe- 
guarding networked information, due to the rela- 
tive lack of shared information about 
vulnerabilities in information networks. Expand- 
ing current efforts could further improve the coor- 
dination of system administrators and managers 
charged with protecting networked information. 



80 In 1983, the military communications part of the original ARPANET (sponsored by the Advanced Research Projects Agency in the De-
partment of Defense) was split off to form the MILNET. The remaining part of the ARPANET was decommissioned in 1990, but its functionality
continued under the National Science Foundation's NSFNET, which in turn became a prominent backbone of what is called today the Internet.

81 The Department of Energy's Energy Science Network (ESnet) includes a backbone and many smaller networks that are all connected to
the Internet, similar to the operation of the National Science Foundation's NSFNET, and the National Aeronautics and Space Administration's
Science Internet (NSI).

82 L. Dain Gary, Manager, Computer Emergency Response Team Coordination Center, testimony before the House Subcommittee on Sci-
ence, Mar. 22, 1994.

83 Office of the Vice President, op. cit., footnote 65.
BOX 2-6: Why Is It So Difficult
To Safeguard Information?



The Office of Technology Assessment asked 
the advisory panel for this study why it is so diffi- 
cult to safeguard networked information. There 
are many reasons; many of them are discussed 
in detail in this report. Here is a sample of the 
panelists' responses: 

■ Safeguards involve a tradeoff with cost and util- 
ity. (However, the alternative — not using safe- 
guards—can have catastrophic consequences 
and cost much more than the safeguards!) 

■ Successes in safeguarding information rarely 
produce measurable results, and successful 
managers are poorly rewarded. Failures can 
produce sensational results and managers are 
put on the defensive. 

■ Information is abstract; its value is only now be- 
coming understood. Information cannot be 
seen, and losses or disclosures can go unde- 
tected. 

■ The user is often trusted to protect information
that he or she does not "own."

■ Information safeguards are relatively new and
must evolve with the rapidly changing informa- 
tion industry. 

SOURCE: Office of Technology Assessment, 1994.



■ Users, Ethics, and Education

Unauthorized use of computers by authorized us-
ers is estimated to be the second largest source of
losses (after human error), but users nevertheless 
must be trusted not to wrongly copy, modify, or 
delete files. Auditing and other security features 
do not always catch violations by trusted person- 
nel, or may not act as a deterrent. The security of 
any system will always require that its users act in 
an ethical and legal manner, much as traffic safety 
requires that drivers obey traffic laws, although in 
practice they often do not (see box 2-6).

Ethical and legal use of computers and in- 
formation is not clearly defined, however. Com- 
puter networks are entirely new media that 
challenge traditional views of ownership of in- 
formation, liability, and privacy (see chapter 3). 
Who is or who should be liable if a computer sys- 
tem fails, or if an "expert" computer program 
makes a poor decision? When can or when should 
employers or the government be able to monitor 
employees and citizens? When is or when should 
the copying of computer software be illegal? For 
these and other issues, it is not always clear when 
society should extend traditional (paper-based) 
models to networks, and when society should de- 
vise new rules for networks where they seem nec- 
essary. 84 Should ethics — and the laws based on 
ethics — be rule-based or character-based, or based 
otherwise? 

Ethical questions also extend to what consti- 
tutes proper behavior or acceptable use on public- 
ly available networks. As the Internet reaches 
more people, commercial enterprises are explor- 
ing it for uses other than education and research. 
Using the Internet for unsolicited commercial 
promotions has historically met great opposition 



from users, but recent events indicate a desire on 
the part of some to change this tradition. Now that 
more commercial enterprises are attaching to the 
Internet and the "backbones" for the large part are 
removed from the oversight of the National Sci- 
ence Foundation, the old rules for acceptable use 
of the Internet could change. 85 Who defines ac- 



84 Tom Forester and Perry Morrison, Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing (Cambridge, MA: MIT Press,
1990).

85 Users are expected to use the federally subsidized portions of the Internet—such as the NSFNET backbone—only for nonprofit research
or education purposes. This policy is called the Acceptable Use Policy, analogous to acceptable practices used in amateur radio. Those portions
not subsidized by the federal government have no such restrictions, but a user culture exists that discourages use of the Internet for unsolicited
electronic mail and other uses. The Coalition for Networked Information is expected to adopt guidelines to acceptable advertising practices on
the Internet. Ethical principles endorsed by the Internet Activities Board are listed in Vint Cerf, "Ethics and the Internet," Communications of the
ACM, vol. 32, No. 6, June 1989, p. 710.
ceptable use and proper etiquette? What is the bal-
ance between threatening or misleading behavior 
and free speech? What new practices might be 
necessary to control fraud? 

Experts note that users generally want to know 
where the line is drawn regarding ethical use of in- 
formation, and may only need some simple but 
memorable guidelines. For example, relatively 
few users probably know what constitutes fair use 
of copyrighted information, but would appreciate 
knowing what they can legally copy and what they 
cannot. Children are taught early on that writing 
in library books is an unethical practice; straight- 
forward, ethical computer practices can also be 
taught to children at an early age. Training in the 
workplace also can help users to understand ethi- 
cal principles, but such programs are only effec- 
tive if they are well-developed, do not appear 
superficial or insincere, and are repeated. 86 

Group behavior is particularly important since 
groups of users do not necessarily behave in the 
same manner as individuals. Even relatively se- 
cure networks rely on the cooperation of users to 
alert system managers to problems or threats. A 
strategic employee who never takes a vacation, for 
example, may be a worker who cannot leave work
for a single day without risk of becoming discov- 
ered in a security violation. An unannounced 
change in a program's operation may indicate that 
it has been altered. Fellow users can note this and 
other unusual network behavior that may signal an 
intruder in the system, a virus that is taxing net- 
work resources, or a design fault. "Just as deper- 
sonalized 'renewed' cities of high-rises and 
doormen sacrifice the safety provided by obser- 
vant neighbors in earlier, apparently chaotic, gos- 
sip-ridden, ethnic neighborhoods," group 
behavior determines whether users work positive- 



ly to protect the network, or whether they act as 
bystanders who lack the motivation, capability, or 
responsibility to work cooperatively. 87 

User education, therefore, requires progressive 
approaches to steer the group behavior to be sup- 
portive and participatory. 88 Such approaches in- 
clude using realistic examples and clearly written 
policies and procedures, and emphasizing im- 
provements rather than failures. Management 
should seek to inspire a commitment on the part 
of employees rather than simply describing poli- 
cies, and it should conduct open and constructive 
discussions of safeguards rather than one-sided 
diatribes. Security managers should build on one-
to-one discussions before presenting issues at a
meeting, and monitor more closely the acceptance 
of policies and practices by "outliers" — em- 
ployees who are the most or least popular in the 
group — since they are less likely to comply with 
the group behavior. 

The Computer Ethics Institute was created in 
1985 to advance the identification and education 
of ethical principles in computing, and sponsors 
conferences and publications on the subject. 
Groups such as the Federal Information Systems 
Security Educators' Association and NSA are also 
working to produce curricula and training materi- 
als. The National Conference of Lawyers and Sci- 
entists (NCLS) is convening a series of two 
conferences on legal, ethical, and technological 
aspects of computer and network use and abuse 
and the kinds of ethical, legal, and administrative 
frameworks that should be constructed for the
global information infrastructure. 89 A consortium 
of private- and public-sector groups recently an- 
nounced a National Computer Ethics and Respon- 
sibilities Campaign to raise public awareness of 



86 See also National Research Council, op. cit., footnote 6, p. 710.

87 Ibid., p. 164. 

88 M.E. Kabay, "Social Psychology and Infosec: Psycho-Social Factors in the Implementation of Information Security Policy," Proceedings
of the 16th National Computer Security Conference (Baltimore, MD, Sept. 20-23, 1993), p. 274.

89 National Conference of Lawyers and Scientists, "Prospectus: NCLS Conferences on Legal, Ethical, and Technological Aspects of Com- 
puter and Network Use and Abuse," Irvine, CA, December 1993. 
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the social and economic costs of computer-related 
crimes and unethical behaviors and to promote re- 
sponsible computer and network usage. 

The promulgation of ethical principles in com- 
puter networks has heretofore received relatively 
little attention, and would benefit from broader 
support from schools, industry, government, and 
the media. With the rapid expansion of the net- 
worked society, there is a great need to support 
reevaluation of fundamental ethical principles — 
work that is currently receiving too little attention. 
More resources also could be applied to study and 
improve the methods and materials used in teach- 
ing ethical use of networked information, so that 
more effective packages are available to schools 
and organizations that train users. Finally, more 
resources could be devoted to ethical education 
for all types of users — including federal em- 
ployees, students, and the public at large. 

■ Legal Sanctions and Law Enforcement 

The rapid pace of technological change challenges 
criminal and liability laws and regulations that 
were conceived in a paper-based society (see also 
chapter 3). 90 An error, an insider violation, or an 
attack from outside can debilitate an organization 
in many cases, as can the obstruction of regular 
business from an improperly executed law-en- 
forcement action. Computer cracking and other 
malicious behavior is likely to increase, and the 
perpetrators are likely to become more profession- 
al as the Internet and other components of the in- 
frastructure mature. Safeguards may become 
more widespread, but the payoffs will also in- 
crease for those who seek to exploit the infrastruc- 
ture's weaknesses. 

However, misconduct or criminal behavior 
may arise most from opportunities presented to 
otherwise loyal employees who do not necessarily 
have significant expertise, rather than from the 
stereotypical anti-establishment and expert 



"cracker." Violators may perceive that detection is 
rare, that they are acting within the law (if not ethi- 
cally), and that they are safely far from the scene 
of the crime. Also, some crackers who were 
caught intruding into systems have sold their 
skills as security experts, reinforcing the image 
that violators of security are not punished. Many 
of these insiders might be deterred from exploit- 
ing certain opportunities if penalties were en- 
forced or made more severe. 

It is not clear, however, that increasing criminal 
penalties necessarily results in less computer 
crime or in more prosecutions. Considerable leg- 
islation exists to penalize computer crimes, but 
criminals are difficult to identify and prosecute. 
Law-enforcement agencies lack the resources to 
investigate all the reported cases of misconduct, 
and their expertise generally lags that of the more 
expert users. In some cases where alleged viola- 
tors were arrested, the evidence was insufficient or 
improperly obtained, leading to an impression 
that convictions for many computer crimes are 
difficult to obtain. Better training of law-enforce- 
ment officers at the federal, state, and local levels, 
and more rigorous criminal investigations and en- 
forcement of existing laws may be more effective 
than new laws to strengthen sanctions against vio- 
lators. 91 

Organizations for their part can also clarify in- 
ternal rules regarding use of networked informa- 
tion, based on the organization's security policy. 
The organization can use intrusion detection and 
other tools to identify misconduct and apply its 
own sanctions in cases where sufficient evidence 
is discovered. The monitoring of employees raises 
questions of privacy, however, with some em- 
ployers preferring to warn employees when they 
are monitoring them or obtaining written permis- 
sion beforehand. Some security professionals 
claim the need for an escrowed key in the hands 
of the organization's security officers (in place of 



90 See Ian Walden, "Information Security and the Law," in Information Security Handbook, William Caelli, Dennis Longley, and Michael 
Shain (eds.) (New York, NY: Stockton Press, 1991), ch. 5. 

91 For a review of specific examples, see Bruce Sterling, The Hacker Crackdown (New York, NY: Bantam Books, 1992). 
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or in addition to safekeeping by law-enforcement 
officials). In case of an investigation, the security 
officers could use the escrowed key, but all other 
employees would be exempt from random moni- 
toring. 92 

Criminal and civil sanctions constitute only 
one aspect of safeguarding networked informa- 
tion. Further study is needed to determine the ef- 
fectiveness of such sanctions, as opposed to 
improving the effectiveness of federal, state, and 
local law-enforcement agencies to act on existing 
laws. 

■ Regulatory Bodies 

Given the fragmentation of the telecommunica- 
tions industry and other developments in the last 
decade, existing federal oversight over telecom- 
munications is less comprehensive than in the 
past. Many modern telecommunications provid- 
ers such as value-added carriers and Internet pro- 
viders are not reviewed by the traditional entities, 
although such providers are increasingly impor- 
tant to businesses and government. 

Existing federal agencies that already review 
different aspects of the security and reliability of 
the public-switched telephone networks include 
the National Security Telecommunications Advi- 
sory Council (NSTAC), the National Commu- 
nications System (NCS), and the Federal 
Communications Commission (FCC). 93 NCS 
was established in 1963 to coordinate the planning 
of national-security and emergency-preparedness 
communications for the federal government. NCS 



receives policy direction directly from the Presi- 
dent and the National Security Council, but is 
managed through the Department of Defense and 
includes member organizations from many other 
federal agencies. NSTAC was established during 
the Reagan Administration to advise the President 
on national-security and emergency-preparedness 
issues, and is composed of presidents and chief 
executive officers of major telecommunica- 
tions and defense-information-systems compa- 
nies. NSTAC works closely with NCS. 

The FCC plays a strong role in reliability and 
privacy issues regarding the public-switched tele- 
phone network. The Network Reliability Council 
was established in 1992 by the FCC to provide it 
advice that will help prevent and minimize the im- 
pact of public telephone outages. 94 It is composed 
of chief executive officers from telephone compa- 
nies, representatives from state regulatory agen- 
cies, equipment suppliers, and federal, corporate, 
and consumer users. 

The federal government can also issue policies 
and requirements regarding the security of in- 
formation stored in and exchanged between finan- 
cial institutions, for example, for physical 
security, or contingency planning in the event of 
a natural disaster. Finally, the federal government 
regulates vendors through export controls. 

In other industrial sectors (e.g., transportation), 
the federal government uses safety regulations to 
protect consumers. Some have suggested that this 
function could be extended to critical hardware 
and software products for information systems, in 



92 Donn B. Parker, SRI, Inc., "Crypto and Avoidance of Business Information Anarchy," Menlo Park, CA, September 1993. 

93 The availability, reliability, and survivability of the public-switched telephone networks have been the subject of other studies and there- 
fore are not the focus of this report. See, e.g., National Research Council, Growing Vulnerability of the Public Switched Networks: Implications 
for National Security Emergency Preparedness (Washington, DC: National Academy Press, 1989). See also Office of the Manager, National 
Communications System, "The Electronic Intrusion Threat to National Security and Emergency Preparedness (NS/EP) Telecommunications — 
An Awareness Document," Arlington, VA, Sept. 30, 1993; Richard Kuhn, Patricia Edfors, Victoria Howard, Chuck Caputo, and Ted S. Phillips, 
"Improving Public Switched Network Security in an Open Environment," IEEE Computer, August 1993, pp. 32-35; and U.S. Congress, Office 
of Technology Assessment, Critical Connections: Communications for the Future, OTA-CIT-407 (Washington, DC: U.S. Government Printing 
Office, January 1990), ch. 10. 

94 The council itself recently requested that the FCC disband the council, but the FCC rejected the request, offering instead that senior offi- 
cers from the organizations could attend in place of the chief executive officers. The FCC also proposed a revised charter for the council, to 
terminate in January 1996. 
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order to provide safe and secure systems and a saf- 
er infrastructure overall, and to strengthen the 
market for "secure" products that are currently too 
risky for individual vendors to produce. Vendors, 
on the other hand, argue that regulation makes 
products more expensive and slows their develop- 
ment. 95 

These issues are beyond the scope of this re- 
port, but further study is warranted. Further study 
is also needed on product quality and liability is- 
sues, including guidelines or requirements for 
contingency plans, adoption of standards or gen- 
erally accepted practices, establishment of liabil- 
ity for hardware and software products and 
services, and restrictions on the use of personal, 
proprietary, and copyrighted information that 
travels over networks. Such oversight could come 
from existing bodies as well as new bodies such 
as a privacy board (see chapter 3). 

■ Research and Development 

Much of existing knowledge in information safe- 
guards — and in networking technology, including 
the Internet itself — arose from research by the fed- 
eral government through the Advanced Research 
Projects Agency (ARPA), NIST, NSA, and other 
agencies, as well as from the private sector. While 
some of the work is applicable to civilian applica- 
tions, most of the work has been oriented toward 
defense. 96 The National Science Foundation also 
has supported many research activities related to 
information networks through its management of 
the NSFNET, but security has not been a major ac- 
tivity. NSF has essentially commercialized the op- 
eration of the NSFNET, but considerable work 
remains to safeguard the Internet and other net- 
works. 



The National Performance Review has called 
for NIST to coordinate development of a govern- 
ment-wide plan for security research and develop- 
ment including a baseline assessment of current 
research and development investment. 97 Such re- 
search and development would address many of 
the other areas discussed in this chapter, such as 
risk analysis, formal models, new products, solu- 
tions to existing vulnerabilities, standards, prod- 
uct evaluations, system certifications, generally 
accepted principles, training and certification of 
information security professionals, the public-key 
infrastructure, emergency response, and ethical 
principles and education. 

The National Research Council has also called 
for research by ARPA, NSF, and others in prob- 
lems concerning secure firewalls, certification au- 
thorities, and other areas. 98 The National 
Research Council also found that "there is a press- 
ing need for a stronger program of university- 
based research in computer security. Such a 
program should have two explicit goals: addres- 
sing important technical problems and increasing 
the number of qualified people in the field. This 
program should be strongly interconnected with 
other fields of computer science and cognizant of 
trends in both theory and uses of computer sys- 
tems." 99 The report further suggested that atten- 
tion be given to cost-benefit models, new 
techniques, assurance techniques, computer safe- 
ty, and other areas with a practical, systems ap- 
proach as opposed to viewing the topics overly 
theoretically or in isolation. 

With the Clinton Administration's effort in the 
National Information Infrastructure program, re- 
search and development in safeguards for net- 
worked information could take a new direction 



95 National Research Council, op. cit., footnote 6, pp. 165-173. 

96 The Internet itself grew out of ARPA's efforts in the ARPANET going back to the 1970s. The ARPANET research was intended to provide 
a distributed information system able to survive an attack that could eliminate a central information system. 

97 Office of the Vice President, op. cit., footnote 65. 

98 National Research Council, Realizing the Information Future (Washington, DC: National Academy Press, 1994), pp. 78-84, 101-102. 

99 National Research Council, op. cit., footnote 6, pp. 206-215. 
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both in the private sector and in government. 
Additional resources could be applied to develop 
and implement many of the efforts discussed in 
this chapter. 

GOVERNMENT'S ROLE IN 
PROVIDING DIRECTION 

The Clinton Administration is promoting the Na- 
tional Information Infrastructure (NII) initiative 
to accelerate the development of the existing in- 
frastructure and to facilitate, for example, elec- 
tronic commerce and the transfer of materials for 
research and education. 100 The Administration 
specifically calls for, among other things: review 
and clarification of the standards process to speed 
NII applications; review of privacy concerns; re- 
view of encryption technology; working with in- 
dustry to increase network reliability; examining 
the adequacy of copyright laws; exploring ways to 
identify and reimburse copyright owners; opening 
up overseas markets; and eliminating trade barri- 
ers caused by incompatible standards. 

In a separate effort to "make government work 
better," the Clinton Administration also is pro- 
moting its National Performance Review (NPR), 
which includes other actions that impact the safe- 
guarding of networked information such as devel- 
opment of standard encryption capabilities and 
digital signatures for sensitive, unclassified data, 



and emphasizing the need for information security 
in sensitive, unclassified systems. 101 However, 
the specific efforts to achieve these actions may or 
may not align with the NII or other efforts within 
the Administration, or with the wishes of the Na- 
tion at large as represented by Congress. 

The National Research Council recently pro- 
duced a report at the request of the National Sci- 
ence Foundation on information networking and 
the Administration's National Information Infra- 
structure program. 102 The report supports work 
by ARPA, NSF, and other groups on problems 
such as developing secure firewalls, promoting 
certification authorities and the public-key infra- 
structure, providing for availability of the net- 
works, and placing stronger emphasis on security 
requirements in network protocol standards. The 
report notes that progress in security does not de- 
pend on technology alone but also on develop- 
ment of an overall architecture or plan, education 
and public attitudes, and associated regulatory 
policy. The report recommends a broader consid- 
eration of ethics in the information age, perhaps 
housed in NSF or a national commission. 

An earlier report by the National Research 
Council on computer security called for, among 
other things, promulgation of generally accepted 
system security principles, formation of emergen- 
cy response teams by users, education and training 



100 The NII program has nine principles and objectives: 1) promote private-sector investment; 2) extend the "universal service" concept; 
3) promote innovation and applications; 4) promote seamless, interactive, user-driven operation; 5) ensure information security and network 
reliability; 6) improve management of the radio frequency spectrum; 7) protect intellectual property rights; 8) coordinate with other levels of 
government and other nations; and 9) provide access to government information and improve government procurement. See Information Infra- 
structure Task Force, "The National Information Infrastructure: Agenda for Action," National Telecommunications and Information Adminis- 
tration, Washington, DC, Sept. 15, 1993. More generally, one White House official proposes that the NII initiative "will provide Americans the 
information they need, when they want it and where they want it — at an affordable price." (Mike Nelson, Office of Science and Technology 
Policy, speaking at the MIT Washington Seminar Series, Washington, DC, Mar. 8, 1994.) Vice President Gore has noted that this does not mean 
the federal government will construct, own, or operate a nationwide fiber (or other) network, however. He notes that most of the fiber needed for 
the backbones is already in place, but other components need support such as switches, software, and standards. See Graeme Browning, 
"Search for Tomorrow," National Journal, vol. 25, No. 12, Mar. 20, 1993, p. 67. 

101 Other privacy and security actions promoted are: establish a Privacy Protection Board; establish uniform privacy protection practices; 
develop generally accepted principles and practices for information security; develop a national crisis response clearinghouse for federal agen- 
cies; reevaluate security practices for national security data; foster the industry-government partnership for improving services and security in 
public telecommunications; implement the National Industrial Security Program; develop a comprehensive Internet security plan; and coordi- 
nate security research and development. (Office of the Vice President, op. cit., footnote 65.) 

102 National Research Council, op. cit., footnote 98, pp. 78-84, 101-102, 148-171. 
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BOX 2-7: What Are Clipper, Capstone, and SKIPJACK? 



SKIPJACK is a classified, symmetric-key, encryption algorithm that was developed by the National 
Security Agency to provide secure voice and data communications while allowing lawful access to 
those communications by law-enforcement. 1 According to the Clinton Administration, one reason the 
algorithm is classified is to prevent someone from implementing it in software or hardware with the 
strong algorithm, but without the feature that provides law enforcement access. 2 SKIPJACK is specified 
in the federal Escrowed Encryption Standard (EES— see chapter 4). 

Like the Data Encryption Standard (DES— see box 4-3), SKIPJACK transforms a 64-bit input block 
into a 64-bit output block, and can be used in the same four modes of operation specified for the DES. 
The secret-key length for SKIPJACK is 80 bits, however, as opposed to 56 bits for the DES, thereby 
allowing over 16,000,000 times more keys than the DES. 3 SKIPJACK also scrambles the data in 32 
rounds per single encrypt/decrypt operation, compared with 16 rounds for the DES. 

Mykotronx currently manufactures an escrowed-encryption chip— the MYK78, commonly known as 
the Clipper chip— that implements the SKIPJACK algorithm to encrypt communications between tele- 
phones, modems, or facsimile equipment. The chip is intended to be resistant to reverse engineering, 
so that any attempt to examine the chip will destroy its circuitry. The chip can encrypt and decrypt with 
another synchronized chip at the rate of 5 to 30 million bits per second depending on the mode of 
operation, clock rate, and chip version. 

The chip is initially programmed with specialized software, an 80-bit family key (as of June 1994 
there was only one family of chips), a unique 32-bit serial number (the chip identifier), and an 80-bit key 
specific to the chip (called the chip unique key). The chip unique key is the "exclusive or" combination 
of two 80-bit chip unique key components; one component is assigned (with the chip identifier) to each 
of the escrow agents chosen by the Attorney General. 4 

The Clipper chip is currently implemented in the AT&T Surity Telephone Device 3600. When a user 
(Alice) wishes to secure her conversation with another user (Bob) using their Model 3600 devices, she 
pushes a button and the two devices first generate an 80-bit session key using a proprietary, enhanced 
version of the Diffie-Hellman public-key technique. In this way, each device can calculate the session 
key without actually sending a complete key over the network where it could be intercepted. 



1 See Dorothy E. Denning, "The Clipper Encryption System," American Scientist, vol. 81, July-August 1993, pp. 319-322, and 
Dorothy E. Denning, Georgetown University, "Cryptography and Escrowed Encryption," Nov. 7, 1993. 

2 "Additionally, the SKIPJACK algorithm is classified Secret-Not Releasable to Foreign Nationals. This classification reflects the 
high quality of the algorithm, i.e., it incorporates design techniques that are representative of algorithms used to protect classified 
information. Disclosure of the algorithm would permit analysis that could result in discovery of these classified design techniques, and 
this would be detrimental to national security." Ernest F. Brickell et al., "Skipjack Review Interim Report: The Skipjack Algorithm," July 
28, 1993, p. 7. 

3 The "exhaustive search" technique uses various keys on an input to produce a known output, until a match is found or all possible 
keys are exhausted. The DES's 56-bit key length yields over 72 trillion possible keys, while SKIPJACK's 80-bit key length yields over 16 
million times as many keys as DES. According to the SKIPJACK review panel, if the cost of processing power is halved every 1.5 
years, it will take 36 years before the cost of breaking SKIPJACK through the exhaustive search technique will equal the cost of break- 
ing DES today. Ibid. 

4 The creation of the chip unique key components is a very important step; if an adversary can guess or deduce these compo- 
nents with relative ease, then the entire system is at risk. These key components are created and the chips are programmed inside a 
secure facility with representatives of each escrow agent. The specific process is classified, and an unclassified description was not 
available as of this writing. 

(continued) 
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BOX 2-7 (cont'd.): What Are Clipper, Capstone, and SKIPJACK? 



The devices then exchange the Law Enforcement Access Field (LEAF) and an "initialization vector." 
The LEAF contains the session key (encrypted with the chip unique key), the chip identifier, and a 16-bit 
authentication pattern, which are all encrypted with the family key. Each device then decrypts the LEAF, 
confirms the authentication data, and establishes an active link. The session key is then used to encrypt 
and decrypt all messages exchanged in both directions. 

Each device also displays a character string. If the characters displayed on Alice and Bob's devices 
are different, this reveals an interception and retransmission of their communication by an eavesdrop- 
per, in what is called a "man-in-the-middle" attack. 

Law-enforcement agents are required to obtain a court order to monitor a suspected transmission. If 
they begin monitoring and ascertain that the transmission is encrypted using the Model 3600, agents 
first must extract and decrypt the LEAF (using the family key) from one of the devices. The decrypted 
LEAF reveals the chip identifier. With the chip identifier, they can request the chip unique key compo- 
nent from each of the two escrow agents. With both components, they can decrypt session keys as 
they are intercepted, and therefore decrypt the conversations. 5 

The Capstone chip also implements the SKIPJACK algorithm, but includes as well the Digital Signa- 
ture Algorithm (used in the federal Digital Signature Standard— see chapter 4), the Secure Hash Stan- 
dard, the classified Key Exchange Algorithm, circuitry for efficient exponentiation of large numbers, and 
a random number generator using a pure noise source. Mykotronx currently manufactures the Cap- 
stone chip under the name MYK80, and the chip is also resistant to reverse engineering. Capstone is 
designed for computer and communications security, and its first implementation is in PCMCIA cards 
for securing electronic mail on workstations and personal computers. 



5 The initial phases of the system rely on manual procedures for preventing law enforcement from using escrowed keys after the 
court order expires or on communications recorded previous to the court order. For example, the officer must manually enter the ex- 
piration date into the decrypt processor, manually delete the key when the court order expires, and manually complete an audit state- 
ment to present to the escrow agents. The target system aims to enforce the court order by including with the escrowed keys an elec- 
tronic certificate that is valid only for the period of the court order. The decrypt processor is intended to block the decryption when the 
certificate expires, and automatically send an audit statement electronically to the escrow agents. As of June 1994, the design was not 
complete. (Miles Smid, Manager, Security Technology, NIST, presentation at NIST Key Escrow Encryption Workshop, June 10, 1994.) 

SOURCE: Office of Technology Assessment, 1994, and sources cited below. 
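The following Python model of the escrow structure described in Box 2-7 is an added illustration and is not code from the Clipper system or from OTA. SKIPJACK is classified, so a keystream derived from HMAC-SHA256 stands in for it (an assumption, not the real cipher), and the 16-bit authentication pattern and the displayed check string use constructed derivations. What the model keeps faithful to the box is the structure: the chip unique key is the XOR of two 80-bit components held by separate escrow agents; the LEAF wraps the session key under the chip unique key, appends the chip identifier and an authentication pattern, and encrypts the whole under the family key; the receiving device validates the LEAF with the family key and the session key it already holds, while the escrow path needs the family key plus both agents' components for the chip identifier found in the LEAF.

```python
import hashlib
import hmac
import secrets


def toy_cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR `data` with an HMAC-SHA256 keystream bound to `key` and `label`.
    Stand-in for SKIPJACK (assumption, not the real algorithm); XOR makes
    the same function serve for both encryption and decryption."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def program_chip(chip_id: int, comp1: bytes = None, comp2: bytes = None):
    """Chip personalisation as the box describes it: two 80-bit components,
    one per escrow agent; the chip itself holds only their XOR."""
    comp1 = comp1 if comp1 is not None else secrets.token_bytes(10)
    comp2 = comp2 if comp2 is not None else secrets.token_bytes(10)
    chip_unique_key = xor_bytes(comp1, comp2)
    # each escrow agent stores (chip identifier, its own component)
    return chip_unique_key, (chip_id, comp1), (chip_id, comp2)


def auth_pattern(session_key: bytes, chip_id_bytes: bytes) -> bytes:
    """16-bit authentication pattern (constructed; the real derivation is unpublished)."""
    return hashlib.sha256(session_key + chip_id_bytes).digest()[:2]


def build_leaf(family_key: bytes, chip_unique_key: bytes, chip_id: int,
               session_key: bytes) -> bytes:
    """LEAF = E_family( E_unique(session key) || chip id || auth pattern )."""
    chip_id_bytes = chip_id.to_bytes(4, "big")
    enc_session = toy_cipher(chip_unique_key, b"session", session_key)
    inner = enc_session + chip_id_bytes + auth_pattern(session_key, chip_id_bytes)
    return toy_cipher(family_key, b"leaf", inner)


def peer_verify_leaf(family_key: bytes, leaf: bytes, session_key: bytes) -> bool:
    """Receiving device: it already holds the session key from the key
    agreement, opens the LEAF with the family key and checks the pattern."""
    inner = toy_cipher(family_key, b"leaf", leaf)
    chip_id_bytes, auth = inner[10:14], inner[14:16]
    return hmac.compare_digest(auth, auth_pattern(session_key, chip_id_bytes))


def open_leaf_with_escrow(family_key: bytes, leaf: bytes, agent1, agent2):
    """Escrow path: the family key exposes the chip id; the two agents'
    components for that id rebuild the chip unique key, which unwraps the
    session key. Either component alone yields a wrong key and fails the check."""
    inner = toy_cipher(family_key, b"leaf", leaf)
    enc_session, chip_id_bytes, auth = inner[:10], inner[10:14], inner[14:16]
    chip_id = int.from_bytes(chip_id_bytes, "big")
    for agent in (agent1, agent2):
        if agent[0] != chip_id:
            raise ValueError("escrow component belongs to a different chip")
    chip_unique_key = xor_bytes(agent1[1], agent2[1])
    session_key = toy_cipher(chip_unique_key, b"session", enc_session)
    if not hmac.compare_digest(auth, auth_pattern(session_key, chip_id_bytes)):
        raise ValueError("LEAF authentication pattern mismatch")
    return chip_id, session_key


def check_string(session_key: bytes) -> str:
    """Short string each device displays; differing strings on the two phones
    reveal an interception and retransmission (constructed derivation)."""
    return hashlib.sha256(b"display" + session_key).hexdigest()[:4]


if __name__ == "__main__":
    family = secrets.token_bytes(10)        # one family key shared by all chips
    unique, agent_a, agent_b = program_chip(0x2A)
    session = secrets.token_bytes(10)       # 80-bit session key from the key agreement
    leaf = build_leaf(family, unique, 0x2A, session)
    print("peer accepts LEAF:", peer_verify_leaf(family, leaf, session))
    print("escrow recovers session key:",
          open_leaf_with_escrow(family, leaf, agent_a, agent_b)[1] == session)
    print("display string:", check_string(session))
```

The model makes the box's trust boundaries concrete: the family key alone yields only the chip identifier, and recovery of traffic requires both escrow agents to release the component filed under that identifier. It does not model the court-order expiry handling in footnote 5.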



programs to promote public awareness, review for 
possible relaxation of export controls on imple- 
mentations of the Data Encryption Standard, and 
funding for a comprehensive program of re- 
search. 103 



In this environment, the federal government 
has several important roles that affect the safe- 
guarding of networked information. Even though 
these roles are all intended to promote the needs 
of the nation's individuals and organizations, 



103 National Research Council, op. cit., footnote 6. 
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sometimes there are conflicts. 104 These conflicts 
are sometimes so polarizing or so important that 
attempts to resolve them at an administrative level 
can lead to poor decisions, or endless legal and op- 
erational problems from implementing a policy 
that has only weak support from stakeholders. 
While many of the details involve technology, the 
fundamental debates about national values and 
the role of government in society can only be re- 
solved at the highest levels (see boxes 2-7 and 
2-8). 105 

Thus, networked information poses a particu- 
larly difficult dilemma for government policy- 
makers: good security is needed to protect U.S. 
personal, business, and government communica- 
tions from domestic and foreign eavesdroppers. 
However, that same security then may hinder U.S. 
intelligence and law-enforcement operations. As- 
pects of this dilemma are manifested in specific is- 



sues as the technology develops, such as the 
following examples: 

■ Cryptography policy is the focus of several de- 
bates, including export controls on cryptogra- 
phy and development of federal cryptographic 
standards (see chapter 4). 

■ Digital Telephony legislation 106 has been pro- 
posed that would require telecommunications 
carriers "to ensure that the government's ability 
to lawfully intercept communications is not 
curtailed or prevented entirely by the introduc- 
tion of advanced technology." 107 (A discussion 
of digital telephony is outside the scope of this 
report.) 

■ Anonymous transactions. Many privacy advo- 
cates argue that certain monetary or other trans- 
actions (such as request of library materials) be 



104 These roles are as follows: First, government can provide a democratic framework for resolving debates and writing law to regulate 
activities. Second, it is a buyer and user of products and services; because of its size it can sometimes move the market in ways no other single 
buyer can, and it must also safeguard its own agency networks. Third, it is a supplier of products and services, such as census and other informa- 
tion. Fourth, it is at times a catalyst that can enter the marketplace to stimulate research and development or establish new institutions and stan- 
dards that eventually operate on their own. Finally, it intercepts communications for law-enforcement purposes and intelligence gathering. 

105 See also Lance J. Hoffman and Paul C. Clark, "Imminent Policy Considerations in the Design and Management of National and Interna- 
tional Computer Networks," IEEE Communications Magazine, February 1991, pp. 68-74; James E. Katz and Richard F. Graveman, "Privacy 
Issues of a National Research and Education Network," Telematics and Informatics, vol. 8, No. 1/2, 1991; Marc Rotenberg, "Communications 
Privacy: Implications for Network Design," Communications of the ACM, vol. 36, No. 8, August 1993, pp. 61-68; and Electronic Privacy In- 
formation Center, 1994 Cryptography and Privacy Sourcebook, David Banisar (ed.) (Upland, PA: Diane Publishing, 1994). 

106 The proposed Digital Telephony and Communications Privacy Act of 1994 was in draft at this writing. Modern digital switches are 
actually very fast computers that arrange and bill calls using complex software and pack thousands of calls together into optical fibers. The 
Clinton Administration claims that not all such technology has been designed or equipped to meet the intercept requirements of law enforce- 
ment. It claims that law enforcement should be able to intercept those communications in certain circumstances, provided that a court order is 
obtained and officials use appropriate measures. Critics charge that legislation is unnecessary or costly at best, and undesirable at worst; many 
argue that individuals and corporations should have the right to absolutely secure their conversations if they choose. 

107 See Dorothy E. Denning, "To Tap or Not To Tap," and related articles in Communications of the ACM, vol. 36, No. 3, March 1993, pp. 
24-44. 






Chapter 2 Safeguarding Networked Information | 67 



BOX 2-8: Fair Cryptosystems— An Alternative to Clipper? 



The Clinton Administration's key-escrow encryption initiative (e.g., Clipper and the Escrowed En- 
cryption Standard) is the most publicized escrowed-encryption scheme to date. Other schemes for 
third-party "trusteeship" of keys are possible, however. One so-called fair cryptosystem scheme claims 
to resolve many of the objections to the Administration's proposal. 1 

Fair cryptosystems allow the user to split a secret key into any number of key components that can 
be assigned to trusted entities. The user (e.g., a corporation) might split the key and assign one piece 
to a federal government agency and the other to a trusted third party, such as a bank. Each trustee 
would receive a signed message from the user, with the key component and its "shadows." The shad- 
ows demonstrate to the trustee that the key component is indeed associated with the corresponding 
components assigned to the other trustees— without revealing the other components. The certificate 
would also indicate where the other key components are held. In a criminal investigation, following due 
process, a law-enforcement agency could obtain the key components from the two trustees. 

Other combinations are possible; for example, the user could design a system such that any three of 
four key components might be sufficient to decrypt its communications. For each secure telephone, the 
user might also keep a complete secret key for internal investigations, or in case of loss or sabotage of 
data. 

The algorithms used to implement fair cryptosystems could include a time variable so that the de- 
posited key components change periodically. Or, the key components could be made to calculate a set 
of session keys (which could change periodically) that would be valid for only the prescribed time. The 
user would choose the actual algorithm, which could be one of many that are subject to public review. 

Fair cryptosystems also could be implemented in software to reduce cost. In a software implementa- 
tion of a fair public-key cryptosystem, the user would be motivated to assign the key components to 
trustees in order to obtain permission to post his or her "public keys" in a key distribution or certification 
system. The public keys are used to initiate communications and to perform electronic transactions 
among parties who have not agreed in advance on common secret keys. Thus, the user has a great 
incentive to have his or her public keys made available. Without such permission from certification au- 
thorities, the user would have to distribute his or her public keys in a less efficient fashion. In a hardware 
implementation, chips can be programmed to require proof that deposit of key components with trust- 
ees has taken place. 2 

This and other related schemes 3 claim to address both corporate 4 and law-enforcement needs. The 
Escrowed Encryption Standard proponents note that the fair cryptography schemes require an action 
on the part of the user to submit the key components to trustees, while the EES does not—users cannot 
keep the escrowed keys from its escrow agents. Critics of the EES proposal note, however, that crimi- 
nals and adversaries can, nevertheless, superencrypt over EES encryption (or any other scheme). For- 
eign companies and governments, and many others, also may find key-escrowed encryption objection- 
able if the U.S. government keeps the escrowed keys. 



1 Silvio Micali, Laboratory for Computer Science, Massachusetts Institute of Technology, "Fair Cryptosystems," MIT Technical 
Report MIT/LCS/TR-579.b, November 1993. See also Silvio Micali, "Fair Cryptosystems vs. Clipper Chip: A Brief Comparison," Nov. 
11, 1993; Silvio Micali, "Fair Cryptosystems and Methods of Use," U.S. Patent No. 5,276,737 (Jan. 4, 1994), and U.S. Patent No. 
5,315,658 (May 24, 1994). NIST announced a non-exclusive licensing agreement in principle with Silvio Micali. The license for the '737 
and '658 patents would cover everyone "using a key escrow encryption system developed for authorized government law enforce- 
ment purposes" (NIST press release, July 11, 1994). 

2 Frank W. Sudia, Bankers Trust Company, personal communication, Apr. 22, 1994. 

3 M.J.B. Robshaw, RSA Laboratories, "Recent Proposals To Implement Fair Cryptography," No. TR-301, Oct. 19, 1993. 
4 Donn B. Parker, SRI International, Menlo Park, CA, "Crypto and Avoidance of Business Information Anarchy," September 1993. 

SOURCE: Office of Technology Assessment, 1994, and cited sources. 
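As an added illustration of the "key components plus shadows" idea in Box 2-8 (this is not Micali's patented construction and not code from the OTA report), the following Python uses Feldman-style verifiable secret sharing: the key is split so that any three of four trustees can recover it, and each trustee can check its own component against public commitments (the shadows) without learning anyone else's component. The group parameters P, Q and G are a constructed toy, far too small for real use.

```python
import secrets

# Constructed toy group: P = 2*Q + 1 is a safe prime and G = 4 (a quadratic
# residue) generates the subgroup of prime order Q.  Real deployments use
# parameters thousands of bits long; these only keep the arithmetic readable.
P, Q, G = 2039, 1019, 4


def split_key(secret, k, n):
    """Split `secret` (an integer mod Q) into n key components, any k of
    which recover it.  Returns (components, shadows): components[i] is
    (x_i, f(x_i)) for a random degree k-1 polynomial f with f(0) = secret;
    shadows[j] = G**a_j mod P commits to coefficient a_j without revealing it."""
    assert 1 <= k <= n < Q and 0 <= secret < Q
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(k - 1)]
    shadows = [pow(G, a, P) for a in coeffs]
    components = [(x, sum(a * pow(x, j, Q) for j, a in enumerate(coeffs)) % Q)
                  for x in range(1, n + 1)]
    return components, shadows


def verify_component(component, shadows):
    """A trustee checks that its component lies on the committed polynomial:
    G**y == product(shadow_j ** x**j) mod P.  This is the 'shadow' check the
    box describes: it proves consistency with the other trustees' components
    while revealing nothing about their values."""
    x, y = component
    expected = 1
    for j, c in enumerate(shadows):
        expected = expected * pow(c, pow(x, j, Q), P) % P
    return pow(G, y, P) == expected


def recover_key(components):
    """Lagrange interpolation of f(0) over Z_Q from at least k components,
    i.e. what an authorized party could do with the pieces obtained from the
    trustees under due process."""
    secret = 0
    for i, (xi, yi) in enumerate(components):
        num = den = 1
        for j, (xj, _) in enumerate(components):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, Q - 2, Q)) % Q  # Q prime: Fermat inverse
    return secret


if __name__ == "__main__":
    key = 777                                  # constructed sample secret
    comps, shadows = split_key(key, 3, 4)      # the "any three of four" case
    print("all components verify:", all(verify_component(c, shadows) for c in comps))
    print("recovered from 3 of 4:", recover_key(comps[1:]) == key)
    forged = (comps[0][0], (comps[0][1] + 1) % Q)
    print("forged component rejected:", not verify_component(forged, shadows))
```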
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kept anonymous. 108 On the other hand, some 
businesses and law enforcement have an inter- 
est in maintaining the electronic trail for bill- 
ing, marketing, or investigative purposes. In 
one example, a debate could arise over the pri- 
vacy or anonymity of electronic monetary 
transactions over information networks. Such 
"electronic cash" or other transactions would 
need strong safeguards to assure that the cash 
was exchanged without tampering or monitor- 
ing and could be made anonymous to protect 
individual privacy. 109 These safeguards might 
also eliminate the paper trail that exists in many 
current transactions, facilitating money laun- 
dering and extortion. 110 In such an event, law- 
enforcement authorities may seek to 
implement provisions that allow such transac- 
tions to be monitored in certain cases. (See 
OTA, Information Technologies for Control of 
Money Laundering, forthcoming 1995.) 
■ Electronic commerce. Digital signatures and 
other cryptographic techniques can be used to 
protect electronic documents and enforce elec- 
tronic contracts. The development of a public- 
key infrastructure is strategic to further 
expansion of electronic commerce. Crypto- 
graphic techniques and other safeguards may 
be used to secure or track copyrighted docu- 
ments, bill users, collect fees, and so forth. (See 
chapter 3.) 



108 Issues relating to anonymity and "digital libraries" are discussed in U.S. Congress. Office of Technology Assessment. Accessibility and 
Integrity of Networked Information Collections, background paper prepared for OTA by Clifford A. Lynch. BP-TCT- 109 (Washington. DC: 
Office of Technology Assessment, July 1993). 

109 See David Chaum, "Achieving Electronic Privacy," Scientific American, August 1992, pp. 96-101. 

110 Sebastiaan von Solms and David Naccache, "On Blind Signatures and Perfect Crimes," Computers and Security, vol. 11, No. 6, 1992, p. 
581. 
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Legal Issues and Information Security 

Laws develop in response to society's needs. They evolve 
in the context of the mores of the culture, business prac- 
tices, and technologies of the time. The laws currently 
governing commercial transactions, data privacy, and in- 
tellectual property were largely developed for a time when tele- 
graphs, typewriters, and mimeographs were the commonly used 
office technologies and business was conducted with paper docu- 
ments sent by mail. Technologies and business practices have 
dramatically changed, but the law has been slower to adapt. Com- 
puters, electronic networks, and information systems are now 
used to routinely process, store, and transmit digital data in most 
commercial fields. As the spread and use of information technol- 
ogies in the business world have quickened, the failure of current 
laws to meet the needs of a digital, information-based society has 
become apparent. 

This chapter spotlights three areas where changes in commu- 
nication and information technologies are particularly signifi- 
cant: 

1. Electronic commerce. As businesses replace conventional 
paper documents with standardized computer forms, the need 
arises to secure the transactions and establish means to authen- 
ticate and provide nonrepudiation services for electronic 
transactions, that is, a means to establish authenticity and cer- 
tify that the transaction was made. Absent a signed paper docu- 
ment on which any nonauthorized changes could be detected, 
a substitute for the signature and a means to prevent, avoid, or 
minimize the chance that the electronic document has been al- 
tered must be developed. 







70 Information Security and Privacy in Network Environments 



2. Protection of privacy in data and the in- 
ternational effect of efforts on the part of the 
European Union (EU) to protect per- 
sonal information. Since the 1970s, the 
United States has concentrated its efforts to 
protect the privacy of personal data on those 
data collected and archived by the federal gov- 
ernment. Rapid development of networks and 
information processing by computer now 
makes it possible for large quantities of person- 
al information to be acquired, exchanged, 
stored, and matched very quickly. As a result, 
a market for computer-matched personal data 
has expanded rapidly, and a private-sector in- 
formation industry has grown around the de- 
mand for such data. Although the United States 
does not comprehensively regulate the creation 
and use of such data in the private sector, for- 
eign governments (particularly the European 
Union) do impose controls. The difference be- 
tween the level of personal privacy protection 
in the United States and that of its trading part- 
ners, who in general more rigorously protect 
privacy, could inhibit the exchange of data with 
these countries. 1 

3. Protection of intellectual property in the ad- 
ministration of digital libraries. The avail- 
ability of protected intellectual property in 
networked information collections, such as 
digital libraries and other digital information 
banks, is straining the traditional methods of 
protection and payment for use of intellectual 
property. Technologies developed for securing 
information hold promise for monitoring the 
use of protected information, and provide a 
means for collecting and compensating the 
owners of intellectual property. 




[Photo caption] 19th-century "cipher wheel," believed to be the oldest extant 
encryption/decryption device. 

ELECTRONIC COMMERCE 

Businesses are increasingly using electronic mes- 
saging, networked computers, and information 
systems for conducting business that was once 
transacted solely on paper or by telephone. Elec- 
tronic commerce is rapid and accurate and can re- 
duce the cost of doing business. Electronic mail, 
facsimiles, and standardized electronic business 
forms are transforming the marketplace, changing 
the way that business is transacted, and causing 
firms to restructure operations. 2 Distance is no 
longer a significant barrier. Business can be con- 
ducted as quickly and easily halfway around the 
world as it once was up and down Main Street, 
USA. For example, automated electronic business 



1 Some commentators suggest that there may be a subtext in some of the EU activities in this area, including the desire on the part of some to 
create a "Fortress Europe" or to negotiate certain national concerns into law for the entire EU. (Susan Nycum, attorney, Baker & McKenzie, 
personal communication, June 1994.) Others question whether it is possible to fairly evaluate the motivations for the EU approach to determine 
whether they are due to cultural differences or economic competition. (Richard Graveman, Member of Technical Staff, Bellcore, personal com- 
munication, April 1994.) 

2 U.S. Congress, Office of Technology Assessment, Electronic Enterprises: Looking to the Future, OTA-TCT-600 (Washington, DC: U.S. 
Government Printing Office, May 1994). 
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transactions, such as Electronic Data Interchange 
(EDI), enable businesses to contract for sale of 
goods electronically, process purchase orders, in- 
voice for the transaction, and issue shipping no- 
tices in a one-step process. EDI is available to 
businesses that can access a network with the req- 
uisite hardware and software for generating mes- 
sages and forms with a standard EDI format. EDI 
has existed since the 1970s; though its use contin- 
ues to grow, it is only an evolutionary step in the 
development of the electronic marketplace in the 
global economy. In the future, data and informa- 
tion will flow freely among international trading 
partners and firms as electronic commerce dis- 
places the traditional forms of business transac- 
tions. However, the universal acceptance of 
networks for transacting business requires securi- 
ty measures to ensure the privacy needed for com- 
mercial transactions in a global competitive 
environment. Security measures that provide as- 
surance that the authenticity and integrity of a 
communication have not been compromised will 
tend to support the enforceability of agreements 
by the legal system. 

While electronic computer messaging technol- 
ogy allows many business transactions to be han- 
dled in a paperless fashion, the law of contract and 
commerce is still based on a paper system para- 
digm. As a result, businesses confront new legal 
issues as they implement electronic trading sys- 
tems. Among these are questions regarding con- 
tractual writing requirements, legally binding 
signatures, and use of electronic communications 



as evidence of a contract. Government and indus- 
try can only make use of these capabilities if elec- 
tronic transactions are secure and enforceable. 
The security issues that must be dealt with are: 
1) requirements for authentication of the source of 
a transaction, 2) assurance that the message con- 
tent is unaltered, 3) prevention of disclosure of the 
transaction to unauthorized persons, and 4) verifi- 
cation of receipt of the transaction by the intended 
trading partner. 

■ Statute of Frauds and Electronic Commerce: The Writing and Signature Requirement 

The Statute of Frauds was developed primarily to 
discourage fraud and perjury in proving the exis- 
tence and content of a contract. Its essential func- 
tion is to bar proof of certain contracts unless a 
sufficient writing exists for certain transactions. 3 
The Statute of Frauds demands at least some evi- 
dence of a contract; a party may not claim that an 
oral contract or modification was made without 
submitting some proof. One method of proof is 
that the contract be memorialized, i.e., set forth 
with certainty, in a signed writing. 

Section 2-201 of the Uniform Commercial 
Code (U.C.C.) (for discussion of the U.C.C. and 
security requirements, see box 3-1), which is the 
U.C.C.'s Statute of Frauds, requires that all con- 
tracts for the sale of goods over $500 be in a writ- 
ing sufficient to indicate that a contract for sale has 
been made and signed by the party, or the party's 
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BOX 3-1: The Uniform Commercial Code and Network Security 



Article 4A of the Uniform Commercial Code, which regulates electronic funds transfers, is an exam- 
ple of a provision that creates an incentive for parties to implement commercially reasonable security 
procedures to detect fraud. 1 Section 4A-201 defines a security procedure as follows: 

[A] procedure established by agreement of a customer and a receiving bank for the purpose of (i) verifying 
that a payment order or communication amending or canceling a payment order is that of the customer, or 
(ii) detecting error in the transmission or the content of the payment order or communication. A security 
procedure may require the use of algorithms or other codes, identifying words or numbers, encryption, 
callback procedures, or similar security devices. 2 

Security procedures are specifically referred to in section 4A-205, which governs erroneous payment 
orders, and sections 4A-202 and 4A-203, which govern the authorization and verification of payment 
orders. 3 Although the decisions of whether and to what extent security procedures will be used are left 
to the parties, 4 these sections are drafted to provide incentive to both parties to the transaction to im- 
plement security procedures. 

Section 4A-205 provides the party sending an order electronically with incentive to bargain for the 
implementation of security procedures. Under section 4A-303, the sender of an erroneous or incorrect 
order is, generally, liable. 5 Section 4A-205, however, allows the sender to shift the risk of loss to the 
receiving bank if: 1) the sender and receiver have implemented security procedures; 2) the sender can 
prove that the sender or the person acting on the sender's behalf complied with the security proce- 
dures; and 3) had the receiving bank also complied, the errors would have been detected. 6 Section 
4A-205 does not apply unless both parties agree to the implementation of security procedures. 7 Securi- 
ty measures are not effective unless both the sender and the receiver comply with the procedure. 8 



1 William Lawrence, "Expansion of the Uniform Commercial Code: Kansas Enacts Article 4A," vol. 59, Kansas Bar Association 
Journal, at 27, 33 (September 1990). 

2 Uniform Commercial Code Section 4A-201 (1992). 
3 Ibid., sec. 4A-201 comment. 

4 Ibid., sec. 4A-205 comment 1. 

5 Ibid., sec. 4A-303. 

6 Ibid., sec. 4A-205(a)(1) and comment 2 to 4A-205. 

7 U.C.C. sec. 4A-205 comment 1. 

8 Ibid., sec. 4A-205 comment 2. 



authorized agent or broker, against whom enforce- 
ment is sought. 4 The comment to section 2-201 
states that a writing sufficient to satisfy the section 
must meet only three "definite and invariable" re- 
quirements: the writing must evidence a contract 
for the sale of goods, must be signed, which in- 
cludes any authentication identifying the party to 
be charged, and must specify the quantity. 5 



4 An increasingly important area of inquiry in the discussion of electronic commerce pertains to electronic transactions when the subject 
matter of the transfer is information. An example of such a question is: what type of contracting will occur when, through use of electronic 
search tools (e.g., "gophers"), information databases can be sought out, entered, and data extracted (for a fee), without any direct human involve- 
ment in accepting or rejecting a contract. For further analysis of such issues, see R. Nimmer and P. Krauthaus, "Information as Property: Data- 
bases and Commercial Property," International Journal of Law and Information Technology, vol. 1, No. 1, 1993, p. 3; and R. Nimmer and 
P. Krauthaus, "Information as Commodity: New Imperatives of Commercial Law," Law and Contemporary Problems, vol. 55, No. 3, summer 
1992, p. 3. 

5 U.C.C. section 2-201. comment 1 (1992). 
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BOX 3-1 (cont'd.): The Uniform Commercial Code and Network Security 



Similarly, section 4A-202 provides the receiving bank with an incentive to use security procedures. 
Under subsection b, the receiving bank can shift the risk of loss to the customer if an unauthorized 
payment order is accepted by the receiving bank in compliance with commercially reasonable security 
procedures. 9 

Under Article 4A, what constitutes "commercially reasonable" security measures is a question of 
law. 10 Factors important in this analysis include the type of customer, the frequency and size of the 
customer's payment orders, and the security procedures used by similar banks and customers. 11 The 
purpose of subsection b is not to make banks ensure against fraud, but rather to encourage them to 
use commercially reasonable safeguards against fraud. 12 

Article 4A also provides parties with an incentive to keep codes and procedures confidential and 
computer access guarded. A person who fraudulently breaches a commercially reasonable security 
procedure must have knowledge of how the procedure works as well as the codes and identifying de- 
vices. 13 Such a person must also have access to the transmitting facilities, either through open comput- 
er terminals or other software. 14 If the customer can prove that the person committing the fraud did not 
receive such confidential information from the customer or the source controlled by the customer, the 
loss shifts to the bank. 15 

A receiving bank needs objective criteria in order to determine whether it should act on a payment 
order. 16 A comment to section 4A-203 suggests types of security measures parties may use. 17 Bank 
employees may be trained to "test" a payment order, or customers may designate guidelines for the 
bank's acceptance of payments, such as limiting payments to authorized accounts, amounts or benefi- 
ciaries. 18 



9 Ibid., sec. 4A-203 comment 5 and sec. 4A-202(b). 

10 Ibid., sec. 4A-202(c) and 4A-203 comment 4. 

11 Ibid., sec. 4A-202(c). 

12 Ibid., sec. 4A-203 comment 4. 

13 Ibid., sec. 4A-203 comment 5. 

14 Ibid. 

15 Ibid., sec. 4A-203(a)(2) and comment 5. 

16 Ibid., sec. 4A-203 comment 3. 

17 Ibid. 

18 Ibid. 



In evaluating electronic communications, the 
question arises whether there is a writing and a 
signature as required by U.C.C. section 2-201. 
Section 1-201(39) defines signed as including any 
symbol executed or adopted by a party with pres- 
ent intention to authenticate a writing. Section 
1-201(46) defines written as including printing, 
typewriting, or any other intentional reduction to 
tangible form. 6 



One of the primary goals of electronic messag- 
ing is the elimination of paper transactions, which 
ultimately means the elimination of conventional 
writings. Maintaining a paper trail to guard 
against possible problems with the Statute of 
Frauds diminishes the objectives of computer 
contracting. No judicial decision answers the 
question of whether electronic communication 



6 Electronic Messaging Services Task Force, Committee on the Uniform Commercial Code, "The Commercial Use of Electronic Data Inter- 
change — A Report," 45 Business Lawyer 1645, at 1682 (June 1990). 
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satisfies the Statute of Frauds writing and signing 
requirements. 7 

In addition, no clear conventions or rules con- 
trol the formation of contracts via electronic mes- 
saging. Statutes and regulations governing the 
enforceability and recording of business transac- 
tions generally refer to documents, writings, and 
signatures — not electronic messages, data logs, 
and authorization codes. 8 To eliminate any ques- 
tion about writing requirements and the legality of 
signatures, parties can enter into a trading partner 
agreement. With respect to writing requirements, 
such an agreement may adopt one or more of sev- 
eral different provisions. The agreement may: 
1) redefine the term writing; 2) provide that the 
parties not challenge the validity of electronic 
messages merely on the basis that they are in elec- 
tronic form; and 3) provide that the parties accord 
electronic messages the same status as paper mes- 
sages. Trading partner agreements can also elimi- 
nate questions about the legality of electronic sig- 
natures, by providing that specified electronic 
codes serve as effective signatures. 9 One means 
by which this can be accomplished involves what 
are called digital signatures. (See below and chap- 
ter 4.) 

In the absence of trading partner agreements, 
contracting parties must await court decisions or 
changes in laws to assure trading partners that 
electronic contracts would not be rendered unen- 
forceable. Legislative modifications have been 
proposed. 10 Among these are: 



■ change the U.C.C.'s definition of a writing to 
include properly communicated electronic 
communications as reduced to tangible form; 

■ change the definition of signed to include prop- 
er, nonreputable electronic signatures; 

■ define electronic signatures; 

■ delete the use of the word authenticate from the 
definition of signed or define it; and 

■ define identify in the definition of signed. 11 

The National Conference of Commissioners on 
Uniform State Laws is currently undertaking a re- 
vision of U.C.C. Article 2. Among the current 
draft proposals is to eliminate the Statute of 
Frauds entirely for sales of goods. The basis for 
this proposition includes the conclusion that the 
Statute of Frauds does not protect the important 
interests in the modern contract or commercial en- 
vironment, but does prevent assertion of some 
otherwise valid claims. 12 

■ Electronic Commerce and the Rules of Evidence: Data Integrity and Nonrepudiation 

For an electronic message to survive a challenge 
to its authenticity, a party must prove the message 
originated from the sender and was not altered af- 
ter dispatch from the sender. Evidence of adequate 
safeguards enhances the reliability of records, the 
ability to prove substantive terms of the commer- 
cial transaction, and the likelihood that the com- 
puter record will be admitted into evidence to 



7 D.L. Wilkerson, "Electronic Commerce Under the U.C.C. Section 2-201 Statute of Frauds: Are Electronic Messages Enforceable?" 41 
Kansas Law Review 407-408 (1992). 

8 Ibid. 

9 A United Nations Commission on International Trade Law (UNCITRAL) Working Group on Electronic Data Interchange is currently 
drafting a set of Uniform Draft Rules on these issues (see A/CN.9/WG.IV/WP.60, Jan. 24, 1994) for adoption by national legislators when re- 
viewing legislation. The American Bar Association Section of Science and Technology, Information Security Committee is also drafting rules 
of practice and commentary on certification authorities for a global public key infrastructure. 

10 While some would suggest wholesale elimination of the statute, doing so would affect more than electronic contracts and would consti- 
tute a significant change in the U.C.C. It would also require support from the legal community. Modifying the statute to address a subset of 
electronic communications is believed by some to be a more pragmatic approach. 

11 M. Baum, "Electronic Contracting in the U.S.: The Legal and Control Context," EDI and the Law, I. Walden (ed.) (London: Blenheim 
Online, 1989), p. 135. 

12 Raymond T. Nimmer, University of Houston Law Center, personal communication, July 1994. 
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show a writing in accordance with U.C.C. section 
2-201 . If a party fails to show that it has reasonably 
protected its business records and data, its credi- 
bility would be damaged should it assert its re- 
cords to be superior to the records of another party 
that properly guarded its records. Without proper 
controls, a recipient or other third party can alter 
electronic mail messages, which renders the com- 
puter printout unreliable as evidence. However, 
the burden of proof of establishing that messages 
have been properly handled may be imposed on 
different parties in different circumstances, 
whether sender, recipient, or third-party challeng- 
er. The characteristics associated with the eviden- 
tiary value of electronic documents are often 
asserted to be essentially the same as those 
associated with maintaining the security of the in- 
formation. This need to show adequate controls is 
similar in the field of trade secret law. 13 

Case law concerning the admissibility of com- 
puter printouts supports the proposition that com- 
puter data can be sufficiently reliable to provide 
trustworthy evidence of the existence of a con- 
tract. For instance, courts rarely have excluded re- 
liable computer evidence under the best evidence 
rule, which generally requires that only the origi- 
nal writing be admitted into evidence. Rule 
1001(3) of the Federal Rules of Evidence states: 
"If data are stored in a computer or similar device, 
any printout or other output readable by sight, 
shown to reflect the data accurately, is an 'origi- 
nal.'" 

Computer data compilations are admissible as 
business records under rule 803(6) if a party estab- 
lishes the proper foundation for the reliability of 
the records. Business records must be kept in the 
course of regularly conducted business activity. In 



addition, records are reliable only to the extent 
they are compiled conscientiously and consistent- 
ly. 14 Rule 803(6) requires that an opposing party 
has an opportunity to inquire about production, 
maintenance, and accuracy of the records, to en- 
sure that records admitted into evidence are trust- 
worthy. 

Electronically filed federal records are often of- 
fered as business records prepared in the ordinary 
course of business. 15 The proponent offering the 
evidence seeks to demonstrate the authenticity 
and reliability of the information, and the oppo- 
nent tries to challenge those assertions: 

[T]he foundation for admission of (computer 
records) consists of showing the input proce- 
dures used, the tests for accuracy and reliability 
and the fact that an established business relies on 
the computerized records in the ordinary course 
of carrying on its activities. The (opposing) 
party then has the opportunity to cross-examine 
concerning company practices with respect to 
the input and as to the accuracy of the computer 
as a memory bank and retriever of information 
. . . [T]he court (must) "be satisfied with all rea- 
sonable certainty that both the machine and 
those who supply its information have per- 
formed their functions with utmost accuracy . . . 
[T]he trustworthiness of the particular records 
should be ascertained before they are admitted 
and ... the burden of presenting an adequate 
foundation for receiving the evidence should be 
on the parties seeking to introduce it rather than 
upon the party opposing its introduction." 16 

Thus, the law of evidence in this context re- 
quires the following: 



13 Assertion of a trade secret "often entails establishing that affirmative and elaborate steps were taken to insure that the secret claimed 
would remain so." Amoco Production Company v. Lindley, 609 P.2d 733 (Okla. 1980). 

14 The defendant in United States v. Briscoe, 896 F.2d 1476 (7th Cir. 1990) argued that, as shown in United States v. Weatherspoon, 581 
F.2d 595 (7th Cir. 1978), computers must be tested for internal programming errors on a monthly basis. The Briscoe court held that, although 
such evidence was presented in Weatherspoon, the admission of computer records does not require such a showing. 

15 P.N. Weiss, "Security Requirements and Evidentiary Issues in the Interchange of Electronic Documents: Steps Toward Developing a Se- 
curity Policy," Worldwide Electronic Commerce — Conference Proceedings (New York, NY: Jan. 16-18, 1994), p. 220. 

16 United States v. Russo, 480 F.2d 1228 (6th Cir. 1973). 
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1. proof that an electronic communication actual- 
ly came from the party that it purports to come 
from; 

2. proof of the content of the transaction, namely, 
the communications that actually occurred be- 
tween the parties during the contract formation 
process; 

3. reducing the possibility of deliberate alteration 
of the contents of the electronic record of the 
transactions; and 

4. reducing the possibility of inadvertent alter- 
ation of the contents of the electronic record of 
the transactions. 17 

These concerns about the authenticity of the 
identification of the originator, with the integrity 
of the content of the communication, and reducing 
the likelihood of alteration, which are at the heart 
of the law of evidence, are the same concerns that 
must be addressed in the context of electronic 
commerce. Security measures that provide assur- 
ance that the authenticity and integrity of a com- 
munication have not been compromised will also 
provide a high degree of confidence that the con- 
tents of the communication will be admissible as 
evidence. 18 

Nonrepudiation 

A paper contract typically provides identification 
of the parties executing the contract, incorporating 
their wet signature, thus verifying their identity 
and intent to be bound to particular terms. The 
document is typically dated, and each party re- 



ceives a copy of the document with both his or her 
signature and that of the other party. 19 In the world 
of electronic commerce, authenticity and integrity 
services generally do not provide all of the guaran- 
tees to both parties that they normally receive in 
the world of paper transactions. Most electronic 
messaging mechanisms for integrity and authen- 
ticity provide identification of the parties only in 
a fashion suitable for verification by the other con- 
tractual party, not by an independent third party 
such as a court. 20 

Nonrepudiation is an attempt to match the as- 
surances provided by a well-executed, paper- 
based contract, 21 prevent a document's originator 
from denying the document's origin, and provide 
proof of authenticity. 22 

Nonrepudiation may be provided in whole or in 
part through the use of one or more of mechanisms 
such as digital signatures, data integrity, and certi- 
fying authorities, with support from other system 
services such as time stamping. The nonrepudi- 
ation can be achieved by using a combination of 
these mechanisms and services to satisfy the secu- 
rity requirements of the application in question. 
The goal is to collect, maintain, make available, 
and validate nondeniable proofs regarding data 
transfers between the originator and recipient, 
thus establishing legal obligations that serve elec- 
tronic practices. 
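An added example (not code from the OTA report) of the distinction drawn above: a MAC computed with a key both trading partners share cannot tell a court which of them produced a message, whereas a digital signature, a time-stamp token from a third party and a signed receipt can be checked by anyone holding the public keys. The Schnorr-style signature, the purchase-order exchange and the 64-bit safe-prime group built at import time are all constructed for illustration and far too small for real use.

```python
import hashlib
import hmac
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _probably_prime(n):
    """Miller-Rabin with fixed bases: deterministic for n < 3.3e24."""
    if n < 2 or any(n % b == 0 for b in _BASES):
        return n in _BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime_group(bits=64):
    """Smallest q >= 2**(bits-1) with q and P = 2q+1 prime; G = 4 has order q."""
    q = (1 << (bits - 1)) | 1
    while not (_probably_prime(q) and _probably_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


P, Q, G = _safe_prime_group()   # constructed toy parameters


def _hash_to_q(*parts):
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % Q


def keygen():
    """Return (private, public): public = G**private mod P."""
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)


def sign(priv, msg):
    """Schnorr signature (R, s) with s = r + H(R, msg) * priv mod Q."""
    r = secrets.randbelow(Q - 1) + 1
    big_r = pow(G, r, P)
    return big_r, (r + _hash_to_q(str(big_r).encode(), msg) * priv) % Q


def verify(pub, msg, sig):
    """Anyone holding pub (a court included) checks G**s == R * pub**e mod P."""
    big_r, s = sig
    if not (0 < big_r < P and 0 <= s < Q):
        return False
    e = _hash_to_q(str(big_r).encode(), msg)
    return pow(G, s, P) == big_r * pow(pub, e, P) % P


def mac_candidates(tag, msg, key_holders):
    """Court's-eye view of a MAC: every holder of the shared key could have
    produced the tag, so the tag cannot single out the originator."""
    return sorted(name for name, key in key_holders.items()
                  if hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag))


def timestamp_token(tsa_priv, signed_doc, when):
    """Trusted third party binds a digest of the signed document to a time."""
    token = when.encode() + b"|" + hashlib.sha256(signed_doc).digest()
    return token, sign(tsa_priv, token)


def run_exchange(order=b"PO#1234: 500 units at $12.00", when="1994-07-11T09:00Z"):
    """Constructed purchase-order exchange covering the four evidentiary
    needs; returns what an independent verifier can establish."""
    buyer_priv, buyer_pub = keygen()
    seller_priv, seller_pub = keygen()
    tsa_priv, tsa_pub = keygen()

    # Shared-key MAC: integrity between the partners, but either could have made it.
    shared = secrets.token_bytes(32)
    tag = hmac.new(shared, order, hashlib.sha256).digest()
    who = mac_candidates(tag, order, {"buyer": shared, "seller": shared})

    # 1-3. Source authentication and content integrity: the buyer signs the order.
    order_sig = sign(buyer_priv, order)
    signed_order = order + b"|%d|%d" % order_sig
    # Time-stamp token from a third party over the signed order.
    token, token_sig = timestamp_token(tsa_priv, signed_order, when)
    # 4. Proof of receipt: the seller signs an acknowledgement of exactly what arrived.
    receipt = b"RECEIVED|" + signed_order
    receipt_sig = sign(seller_priv, receipt)

    altered = order.replace(b"$12.00", b"$1.00")
    return {
        "mac_names_originator": len(who) == 1,
        "order_verifies": verify(buyer_pub, order, order_sig),
        "altered_order_verifies": verify(buyer_pub, altered, order_sig),
        "timestamp_verifies": verify(tsa_pub, token, token_sig)
        and token == when.encode() + b"|" + hashlib.sha256(signed_order).digest(),
        "receipt_verifies": verify(seller_pub, receipt, receipt_sig),
    }
```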

Time-Stamping 

The time a transaction is initiated or is submitted 
to an electronic messaging system, as well as the 



17 M. Baum and H. Perritt, Electronic Contracting, Publishing & EDI Law (New York, NY: John Wiley & Sons, Inc., 1991), section 6.23. 

18 P. N. Weiss, op. cit., footnote 15, p. 221. 

19 Steven Kent, Chief Scientist, Security Technology, Bolt Beranek and Newman, Inc., personal communication, May 1994. 

20 Some express the concern that more demands will be placed on the electronic media than is expected of non-electronic media, since in 
modern commerce the idea of a well-executed paper transaction is often not met, irrespective of the influence of electronics. For example, the 
current Statute of Frauds is not applicable to cases where goods contracted for have been delivered. Similarly, in the absence of a "writing," 
entirely oral evidence is admissible about the tenor and terms of a contract. Finally, in many modern cases, even if a writing claims to be the 
integrated statement of the agreement and is signed and available, the parties are often allowed to enter evidence outside the writing to reflect the 
meaning of the contract. (Raymond T. Nimmer, University of Houston Law Center, personal communication, July 1994.) 

21 Ibid. 

22 M. Baum, "Linking Security and the Law," Worldwide Electronic Commerce — Conference Proceedings (New York, NY, Jan. 16-18, 
1994), p. 295. 
time when a message is received by a third party 
or acted upon by a recipient, may be critical in 
some instances. Examples of such cases include 
electronic submission of bids or cases where the 
first to file a response wins. Some contend that 
there is little need for a trusted third party in such 
instances, since the recipient would be the trusted 
entity and the time would be determined by the re- 
cipient (e.g., the moment the message entered the 
recipient's electronic mailbox); others believe that 
the audit trail maintained may not be sufficiently 
trustworthy, since internal clocks in the system are 
subject to inaccuracies, failures, or tampering. 

For example, two parties to a contract could use 
the Data Encryption Standard Message Authenti- 
cation Code (DES MAC) 23 function and suitable 
key management to achieve authenticity and in- 
tegrity for their EDI messages, but each could 
change his or her local record of the transaction 
and neither could, on purely technical grounds, 
prove who tampered with the transaction (also see 
discussion in box 4-4). 24 Moreover, some argue 
that because digital signatures are created using 
secret keys that can be disclosed, either acciden- 
tally or maliciously, a time context must be 
associated with any digital signature if it is to be 
treated as authentic and comparable to a paper- 
based signature. Time context is not an added fea- 
ture relevant only to time-sensitive transactions, 



they contend, but an essential aspect of all digital 
signatures used for nonrepudiation. 25 However, 
others contend that certification authorities can 
provide this assurance of authenticity. 26 

The inherent limitation of the use of digital sig- 
natures is their inability to provide time-related 
nonrepudiation. While a digital signature attached 
to a message will have a time-stamped audit trail 
through the network, digital signatures cannot, in 
the absence of a trusted entity, provide an unforge- 
able, trusted time stamp. To achieve full nonre- 
pudiation, certification must be undertaken by a 
disinterested party beyond the control of the par- 
ties to a transaction or record. Such a third party 
is called a trusted entity. 27 
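As an added illustration of the nonrepudiation and time-stamping discussion above (constructed example, not code from the OTA report), the following Python shows why a shared-key MAC such as the DES MAC lets either party re-tag its own record, while a digital signature plus a trusted entity's time stamp over the hash gives proof that also survives a later key disclosure, using the relative-time check against revocation described in footnote 25. It uses only the standard library: HMAC-SHA256 stands in for the DES MAC, a Lamport one-time signature stands in for DSA/RSA, and all keys, messages and times are constructed.

```python
"""Constructed example (not from the OTA report): a shared-key MAC lets either
party re-tag its own record, while a signature plus a trusted time stamp gives
proof that survives a later key disclosure. Standard library only: HMAC-SHA256
stands in for the DES MAC, a Lamport one-time signature for DSA/RSA (each key
must sign exactly one message), and the TSA is modelled as a second signer."""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

PrivKey = List[Tuple[bytes, bytes]]   # 256 pairs of random 32-byte secrets
PubKey = List[Tuple[bytes, bytes]]    # hashes of those secrets
Sig = List[bytes]                     # one secret revealed per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# ---- 1. Symmetric MAC: both parties hold the key, so either can re-tag ----
def mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


def recipient_can_retag() -> bool:
    """True if the recipient can produce a valid tag on an altered local copy,
    which is why a third party cannot tell which side tampered."""
    shared_key = secrets.token_bytes(32)          # constructed EDI session key
    original = b"EDI PO 1001: quantity=100"
    assert mac_verify(shared_key, original, mac(shared_key, original))
    altered = b"EDI PO 1001: quantity=1000"       # recipient rewrites its copy
    return mac_verify(shared_key, altered, mac(shared_key, altered))


# ---- 2. Digital signature: only the private-key holder can sign ----
def _bits(digest: bytes) -> List[int]:
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def keygen() -> Tuple[PrivKey, PubKey]:
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def sign(sk: PrivKey, message: bytes) -> Sig:
    return [sk[i][b] for i, b in enumerate(_bits(H(message)))]


def verify(pk: PubKey, message: bytes, sig: Sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(H(message))))


def signature_detects_alteration() -> bool:
    """The recipient, holding only the public key, cannot re-sign an altered copy."""
    sk, pk = keygen()
    sig = sign(sk, b"EDI PO 1001: quantity=100")
    return verify(pk, b"EDI PO 1001: quantity=100", sig) and \
        not verify(pk, b"EDI PO 1001: quantity=1000", sig)


# ---- 3. Trusted entity: time-stamps a hash and never sees the document ----
Token = Tuple[bytes, int, Sig]        # (document hash, time, TSA signature)


def issue_timestamp(tsa_sk: PrivKey, doc_hash: bytes, t: int) -> Token:
    return doc_hash, t, sign(tsa_sk, doc_hash + t.to_bytes(8, "big"))


def verify_timestamp(tsa_pk: PubKey, token: Token, doc_hash: bytes) -> bool:
    h, t, tsa_sig = token
    return h == doc_hash and verify(tsa_pk, h + t.to_bytes(8, "big"), tsa_sig)


def nonrepudiable(pk: PubKey, message: bytes, sig: Sig, tsa_pk: PubKey,
                  token: Token, revoked_at: Optional[int]) -> bool:
    """Signer's signature valid, TSA token covers H(message||signature), and
    the stamp predates any revocation of the signer's key (only relative time
    matters, as footnote 25 notes)."""
    if not verify(pk, message, sig):
        return False
    if not verify_timestamp(tsa_pk, token, H(message + b"".join(sig))):
        return False
    return revoked_at is None or token[1] < revoked_at


def scenario(revoked_at: Optional[int], stamp_time: int = 1000) -> bool:
    """Originator signs a contract and the TSA stamps it at stamp_time; the
    signer's key is reported disclosed at revoked_at (None = never)."""
    signer_sk, signer_pk = keygen()
    tsa_sk, tsa_pk = keygen()
    contract = b"Seller agrees to deliver 100 units by 1994-12-01"  # constructed
    sig = sign(signer_sk, contract)
    token = issue_timestamp(tsa_sk, H(contract + b"".join(sig)), stamp_time)
    return nonrepudiable(signer_pk, contract, sig, tsa_pk, token, revoked_at)


if __name__ == "__main__":
    print("MAC: recipient can re-tag altered copy:", recipient_can_retag())
    print("Signature rejects altered copy:", signature_detects_alteration())
    print("Stamp before revocation accepted:", scenario(revoked_at=2000))
    print("Stamp after revocation rejected:", not scenario(revoked_at=500))
```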

The key attributes of a trusted entity are that it 
is a disinterested third party trusted by the parties 
to the transaction and subject to the dispute resolu- 
tion mechanisms relevant to a transaction or re- 
cord. A trusted entity's administrative, legal, 
operational, and technical infrastructure must be 
beyond question. A trusted entity can perform any 
of a variety of functions to facilitate electronic 
contracts. Among these functions are: 1) produc- 
ing a document audit trail, 2) storing a record copy 
of electronic documents, 28 3) providing time and 
date stamps, or 4) generating authentication certif- 
icates to ensure the identity of the communicating 



23 The Data Encryption Standard (DES) is a published, federal information processing standard (FIPS) for use in protecting unclassified 
computer data and communications. It has also been incorporated in numerous industry and international standards. The encryption algorithm 
specified by the DES is called the Data Encryption Algorithm (DEA). This algorithm is what is called a symmetric, private-key algorithm, also 
referred to as a secret key algorithm (see box 4-3). The DES (FIPS PUB 46-2) can be used in message authentication to create a message authen- 
tication code (MAC) that is appended to the message before it is sent. Use of DES in what is called the Data Authentication Algorithm is speci- 
fied in FIPS PUB 113 ("Computer Data Authentication," 1985). Message authentication (e.g., of electronic funds transfers) using the DEA is 
standard in banking and the financial community. 

24 Steven Kent, Chief Scientist, Security Technology, Bolt Beranek and Newman, Inc., personal communication, May 1994. 

25 Ibid. Some commentators disagree with this approach, contending that what is important is to know when a message is made, so that the 
time of its making can be compared to a list of revoked keys. However, if that revocation list is automatically queried upon receipt of the mes- 
sage, actual time would not matter, only relative time (revocation listing versus message receipt). (Charles Miller, attorney, San Francisco, CA, 
personal communication, June 1994.) 

26 Charles Miller, attorney, San Francisco, CA, personal communication, June 1994. 

27 M. Baum, op. cit., footnote 22, p. 296. 

28 Some commentators argue that storage of record copies of electronic documents is not necessarily a good idea; some might not favor 
allowing a third party to hold documents independently and subject to subpoena. (Charles Miller, attorney, San Francisco, CA, personal com- 
munication, June 1994.) 
parties. 29 These functions may be provided by dif- 
ferent entities, some of whom are trusted by all 
parties, and some trusted by only some parties. 30 
Some suggest that the functions ascribed to the 
trusted third party can be provided by the value- 
added network providers; 31 however, the extent to 
which these responsibilities and the attendant li- 
ability will be assumed by such enterprises is un- 
clear. Other entities that might take on these 
responsibilities include the U.S. Postal Service 
and the banking industry. In contrast to the courts' 
treatment of conventional, paper-based transac- 
tions and records, little guidance is offered as to 
whether a particular safeguard technique, proce- 
dure, or practice will provide the requisite assur- 
ance of enforceability in electronic form. This 
lack of guidance concerning security and enforce- 
ability is reflected in the diversity of security and 
authentication practices used by those involved in 
electronic commerce. 



Legal standards for electronic commercial 
transactions have not been fully developed and 
these issues have undergone little review in the 
courts. Therefore, action by Congress may not be 
warranted now. However, Congress may wish to 
monitor this issue, so that these concerns are con- 
sidered in future policy decisions about informa- 
tion security. 

PROTECTION OF INFORMATION PRIVACY 
AND THE PROBLEM OF TRANSBORDER 
DATA FLOW 

Development of a Right to Information 
Privacy in the United States 

Although a right to privacy is not set forth in the 
Bill of Rights, the U.S. Supreme Court has pro- 
tected various privacy interests. The Court found 
sources for a right to privacy in the First, 32 
Third, 33 Fourth, 34 Fifth, 35 Ninth, 36 and 14th 



29 M. Baum, op. cit., footnote 11, p. 135. 

30 For example, time-stamp notarization requires a widely trusted entity. However, that entity need not archive the documents it time-stamps 
and it is often held that the time-stamper should not even have access to the original documents for any purpose beyond hashing values of the 
documents. In the paper world, under U.S. law, copies of contracts are retained by the parties to the contract, but not by mutually trusted third 
parties. The Latin Notaraire approach to contracts is different and would have the third party hold the documents, but this is not a universal 
approach. Similarly, the generation of (public-key) certificates can be undertaken by a set of entities completely separate from those who support 
the time-stamping function. 

31 Ian Walden, Tarlo Lyons Information Technology Law Research Fellow, Centre for Commercial Law Studies, Queen Mary and Westfield 
College, University of London, personal communication, April 1994. 

32 The First Amendment provides: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise 
thereof; or abridging the freedom of speech, or of the press, or the right of the people peaceably to assemble, and to petition the Government for a 
redress of grievances." 

33 The Third Amendment provides: "No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in 
time of war, but in a manner to be prescribed by law." 

34 The Fourth Amendment provides: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable 
searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particu- 
larly describing the place to be searched, and the persons or things to be seized." 

35 The Fifth Amendment provides: "No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or 
indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public 
danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb, nor shall be compelled in any criminal case 
to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for 
public use without just compensation." 

36 The Ninth Amendment provides: "The enumeration in the Constitution of certain rights shall not be construed to deny or disparage others 
retained by the people." 
Amendments. 37 The concept of privacy as a legal 
interest deserving an independent remedy was 
first enunciated in an article coauthored by Samu- 
el Warren and Louis Brandeis in 1890, which de- 
scribes it as "the right to be let alone." 38 Since the 
late 1950s, the Supreme Court has upheld a series 
of privacy interests under the First Amendment 
and due process clause, for example "association- 
al privacy," 39 "political privacy," 40 and the "right 
to anonymity in public expression." 41 The Fourth 
Amendment protection against "unreasonable 
searches and seizures" also has a privacy compo- 
nent. In Katz v. United States, the Court recog- 
nized the privacy interest that protected an 
individual against electronic surveillance. But the 
Court cautioned that: 

... the Fourth Amendment cannot be translated 
into a general constitutional "right to privacy." 
That Amendment protects individual privacy 
against certain kinds of governmental intrusion, 
but its protections go further and often have 
nothing to do with privacy at all. Other provi- 
sions of the Constitution protect personal priva- 
cy from other forms of government invasion. 42 

The Fifth Amendment protection against self-in- 
crimination involves a right to privacy against un- 
reasonable surveillance by the government or 
compulsory disclosure to the government. 43 

Until Griswold v. Connecticut, 381 U.S. 479 
(1965), any protection of privacy was simply 
viewed as essential to the protection of other more 
well-established rights. In Griswold, the Court 
struck down a Connecticut statute that prohibited 



the prescription or use of contraceptives as an in- 
fringement on marital privacy. Justice William O. 
Douglas, in writing the majority opinion, viewed 
the case as concerning "a relationship lying within 
the zone of privacy created by several fundamen- 
tal constitutional guarantees," that is, the First, 
Third, Fourth, Fifth and Ninth Amendments, each 
of which creates "zones" or "penumbras" of priva- 
cy. The majority supported the notion of an inde- 
pendent right of privacy inherent in the marriage 
relationship. Not all agreed with Justice William 
O. Douglas as to its source; Justices Arthur Gold- 
berg, Earl Warren, and William Brennan preferred 
to locate the right under the Ninth Amendment. 

In Eisenstadt v. Baird, 405 U.S. 438 (1972), 44 
the Court extended the right to privacy beyond the 
marriage relationship to lodge in the individual: 

If the right of the individual means anything, 
it is the right of the individual, married or single, 
to be free from unwarranted governmental intru- 
sion into matters so fundamentally affecting a 
person as the decision whether to bear or beget a 
child. 

Roe v. Wade, 410 U.S. 113 (1973) 45 further ex- 
tended the right of privacy "to encompass a 
woman's decision whether or not to terminate her 
pregnancy." The Court argued that the right of pri- 
vacy was "founded in the Fourteenth Amend- 
ment's concept of personal liberty and restrictions 
on State action." The District Court had argued 
that the source of the right was the Ninth Amend- 
ment's reservation of the right to the people. 



37 The 14th Amendment provides in pertinent part, "No State shall deprive any person of life, liberty, or property, without due process of law; 
nor deny to any person within its jurisdiction the equal protection of the laws." 

38 Warren & Brandeis, "The Right to Privacy," 4 Harvard Law Review 193 (1890). 

39 NAACP v. Alabama. 357 U.S. 449 (1958). 

40 Watkins v. United States. 354 U.S. 178 (1957); and Sweezy v. New Hampshire. 354 U.S. 234 (1957). 

41 Talley v. California. 362 U.S. 60 (1960). 

42 Katz v. United States, 389 U.S. 347, 350 (1967). 

43 See Escobedo v. Illinois, 378 U.S. 478 (1964); Miranda v. Arizona, 384 U.S. 436 (1966); and Schmerber v. California, 384 U.S. 757 
(1966). 

44 In which the Court struck down a Massachusetts law that made it a felony to prescribe or distribute contraceptives to single persons. 

45 In which the court struck down the Texas abortion statute. 
To this point, the Supreme Court addressed the 
question of privacy only as it applied to very spe- 
cific kinds of human conduct. In the earliest case 
that raised the issue of the legitimate uses of com- 
puterized personal information systems, the Su- 
preme Court avoided the central question of 
whether the Army's maintenance of such a system 
for domestic surveillance purposes "chilled" the 
first amendment rights of those whose names 
were contained in the system. 46 In two cases de- 
cided in 1976, the Court did not recognize either 
a constitutional right to privacy that protected er- 
roneous information in a flyer listing active shop- 
lifters 47 or one that protected the individual's 
interests with respect to bank records. In Paul v. 
Davis, the Court specified areas of personal pri- 
vacy considered "fundamental": 

. . . matters relating to marriage, procreation, 
contraception, family relationships, and child 
rearing and education. 

Respondent Davis' claim of constitutional protec- 
tion against disclosure of his arrest on a shoplift- 
ing charge was "far afield from this line of 
decision" and the Court stated that it "declined to 
enlarge them in this manner." 48 In United States 
v. Miller* 9 the Court rejected respondent Miller's 
claim that he had a Fourth Amendment reasonable 
expectation of privacy in the records kept by 
banks "because they are merely copies of personal 
records that were made available to the banks for 
a limited purpose," and ruled instead that checks 
are not confidential communications but negotia- 
ble instruments to be used in commercial transac- 
tions." In response to United States v. Miller, 
Congress enacted the Financial Privacy Act of 
1 978^0 (p u biic Law 95-630), providing bank cus- 



tomers with some privacy regarding records held 
by banks and other financial institutions and pro- 
viding procedures whereby federal agencies can 
gain access to such documents. Congress effec- 
tively overruled the Miller holding by requiring 
the government to obtain a subpoena in order to 
access bank records. Because the focus of the 
constitutional right to privacy has traditionally not 
been on privacy of information, statutory provi- 
sions have been enacted to protect specific kinds 
of information, including the Family Educational 
Rights and Privacy Act of 1974 (popularly known 
as the Buckley Amendment) 51 to protect the pri- 
vacy of records maintained by schools and col- 
leges; the Fair Credit Reporting Act, to protect the 
privacy of consumers in the reporting of credit in- 
formation; 52 and the Federal Videotape Privacy 
Protection Act. 53 

The Privacy Act 

Congress enacted the Privacy Act of 1974 (Public 
Law 93-579) to provide legal protection for and 
safeguards on the use of personally identifiable in- 
formation maintained in federal government re- 
cord systems. (See box 3-2 for discussion of 
privacy and confidentiality.) The Privacy Act es- 
tablished a framework of rights for individuals 
whose personal information is recorded and the 
responsibilities of federal agencies that collect 
and maintain such information in Privacy Act re- 
cord systems. The Privacy Act embodies prin- 
ciples of fair information practices set forth in 
Computers and the Rights of Citizens, a report 
published in 1973 by the former U.S. Department 
of Health, Education, and Welfare. These prin- 
ciples are as follows: 



46 Laird v. Tatum, 408 U.S. 1 (1972). 

47 Paul v. Davis, 424 U.S. 693 (1976). 

48 Ibid., p. 713. 

49 United States v. Miller, 425 U.S. 435 (1976). 

50 Public Law 95-630, title XI, 92 Stat. 3697, Nov. 10, 1978, et seq. 

51 Public Law 93-380, title V, sec. 513, 88 Stat. 571, Aug. 21, 1974. 

52 Public Law 91-508, title VI, sec. 601, 84 Stat. 1128, Oct. 26, 1970, et seq. 

53 Public Law 100-618, sec. 2(a)(1),(2), 102 Stat. 3195, Nov. 5, 1988, et seq. 
1. There must be no secret personal data record- 
keeping system. 

2. There must be a way for individuals to discover 
what personal information is recorded and how 
it is used. 

3. There must be a way for individuals to prevent 
information about themselves, obtained for one 
purpose, from being used or made available for 
other purposes without their consent. 

4. There must be a way for individuals to correct 
or amend a record of information about them- 
selves. 

5. An organization creating, maintaining, using, 
or disseminating records of identifiable person- 
al data must assure the reliability of the data for 
its intended use and must take reasonable pre- 
cautions to prevent misuses of the data. 

The Privacy Act gives individuals the right to 
access much of the personal information about 
them kept by federal agencies. It places limits on 
the disclosure of such information to third persons 
and other agencies. It requires agencies to keep 
logs of all disclosures, unless systems of records 
are exempt from the Privacy Act. 54 

The Privacy Act also gives an individual the 
right to request an amendment of most records 
pertaining to him or her if he or she believes them 
to be inaccurate, irrelevant, untimely, or incom- 
plete. The agency must acknowledge the request 
in writing within 10 days of its receipt. It must 
promptly (though no time limit is specified) make 
the requested amendment or inform the individual 
of its refusal to amend, the reasons for the refusal, 
and the individual's right to request a review by 
the agency head. If the individual requests such a 
review, the agency head has 30 days to render a de- 
cision. Should the agency head refuse to amend 
the information, the individual can file a concise 
statement of his or her disagreement with the 
agency decision. Thereafter, the agency must note 
the dispute in the record and disclose this fact, 



along with the individual's statement, whenever 
the record is disclosed. 

The Privacy Act further provides that the indi- 
vidual can pursue his disagreement, and indeed 
any noncompliance by an agency, with a civil suit 
in Federal District Court. He or she can obtain an 
injunction against a noncomplying agency, col- 
lect actual damages for an agency's willful or 
intentional noncompliance, and also be awarded 
attorney's fees and costs if he or she "substantially 
prevails" in any such action. Agency personnel 
are criminally liable for willful noncompliance; 
the penalty is a misdemeanor and a fine of up to 
$5,000. There have been few cases in which a 
complainant has recovered damages. 

The federal agencies also have a responsibility 
to collect only relevant information on individu- 
als, to get the information directly from the indi- 
vidual whenever possible, and to notify the 
individual of several facts at the time the informa- 
tion is requested. Willful failure to comply with 
the notification requirement may result in civil 
and criminal liability. 

The Privacy Act also covers agencies' "system 
of records" and requires an annual, nine-point re- 
port to be published in the Federal Register. The 
report must contain information such as catego- 
ries of records maintained; their routine use; poli- 
cies on their storage and retrieval; and other 
agency procedures relating to the use, disclosure, 
and amendment of records. Agencies also have 
extensive rulemaking duties to implement each 
component of the law. 

The Privacy Act is limited, however, in several 
significant ways. Some believe that a system of 
notification through the Federal Register is 
cumbersome and burdensome to the individual 
who, practically speaking, does not regularly re- 
view the publication, so that notification is not ef- 
fective. The act also places the burden of 
monitoring privacy in information and redressing 



54 The Privacy Act exempts from this provision records pertaining to law enforcement. The Privacy Act of 1974 (Public Law 93-579, sec. 
552a(k)(2)). 
BOX 3-2: The Problem of Definition— Privacy and Confidentiality 



In discussions about privacy and information policy, the terms privacy and confidentiality are often 
used interchangeably. Neither term possesses a single clear definition, and theorists argue variously 
that privacy and confidentiality (and the counterpart to confidentiality, secrecy) may be concepts that 
are the same, completely distinct, or in some cases overlapping. 

While definitions of privacy and confidentiality and distinctions between the two cannot be tightly 
drawn (as indeed, the two terms are not necessarily exclusive of one another) for purposes of this re- 
port, the Office of Technology Assessment will attempt to use the terms in the following ways, largely 
mirroring approaches to the subject matter taken by Alan Westin and Charles Fried. Confidentiality will 
refer to how data collected for approved purposes will be maintained and used by the organization that 
collected it, what further uses will be made of it, and when individuals will be required to consent to 
such uses. It will be achieved, as Anita Allen states, when designated information is not disseminated 
beyond a community of authorized knowers. 1 According to Allen, confidentiality is distinguished from 
secrecy, which results from the intentional concealment or withholding of information. Privacy will refer 
to the balance struck by society, between an individual's right to keep information confidential and the 
societal benefit derived from sharing the information, and how that balance is codified into legislation 
giving individuals the means to control information about themselves. 

Privacy can be viewed as a term with referential meaning; it typically is used to refer to or denote 
something. But privacy has been used to denote many quite different things and has varied connota- 
tions. As Edward Shils observed 20 years ago: 

Numerous meanings crowd in the mind that tries to analyze privacy, the privacy of private property, privacy 
as a proprietary interest in name and image, privacy as the keeping of one's affairs to oneself, the privacy of the 
internal affairs of a voluntary association or of a business; privacy as the physical absence of others who are 
unqualified by kinship, affection or other attributes to be present, respect for privacy as the respect for the desire 
of another person not to disclose or to have disclosed information about what he is doing or has done, the privacy 
of sexual and familial affairs, the desire for privacy as the desire not to be observed by another person or persons; 
the privacy of the private citizen as opposed to the public official; and these are only a few. 

Definitions of privacy may be narrow or extremely broad. One of the best known definitions of priva- 
cy is that set forth by Samuel Warren and Louis Brandeis in a 1890 article that first enunciated the con- 
cept of privacy as a legal interest deserving an independent remedy. Privacy was described as "the 
right to be let alone." 2 In spite of its breadth, this view has been influential for nearly a century. 3 In the 
1960s, 1970s and 1980s, the proliferation of information technology (and concurrent developments in 
the law of reproductive and sexual liberties) has inspired further and more sophisticated inquiry into the 
meaning of privacy. 4 

In his work, Privacy and Freedom, 5 Alan Westin conceived of privacy as "an instrument for achieving 
individual goals of self-realization," and defined it as "the claim of individuals, groups or institutions to 
determine for themselves when, how and to what extent information about them is communicated to 



1 A.L. Allen, Uneasy Access: Privacy for Women in a Free Society (Totowa, NJ: Rowman & Littlefield, 1988), p. 24. 

2 The term "the right to be let alone" was borrowed from the 19th century legal scholar and jurist Thomas Cooley. See T. Cooley, 
Law of Torts (2nd Ed. 1888). 

3 Allen argues that if privacy simply meant "being let alone," any form of offensive or harmful conduct directed toward another 
person could be characterized as a violation of personal privacy. 

4 Allen, op. cit., footnote 1, p. 7. 

5 A.F. Westin, Privacy and Freedom (New York, NY: Atheneum, 1967). 
others," approaching the concept in terms of informational privacy. W.A. Parent defined privacy in terms 
of information as "a condition of not having undocumented personal information about oneself known 
by others." 6 

In contrast, Ruth Gavison defines privacy broadly as "limited access in the senses of solitude, se- 
crecy, and anonymity." In her view, privacy is a measure of the extent to which an individual is known, 
the extent to which an individual is the subject of attention, and the extent to which others are in physi- 
cal proximity to an individual. Her definition of privacy was to include: 

. . . such "typical" invasions of privacy as the collection, storage, and computerization of information; the dis- 
semination of information about individuals; peeping, following, watching, and photographing individuals in- 
truding or entering "private" places; eavesdropping, wiretapping, reading of letters, drawing attention to individ- 
uals, required testing of individuals; and forced disclosure of information. 7 

In Computers, Health Records and Citizens Rights, Westin draws a clear distinction between the 
concepts of privacy and confidentiality in the context of personal information. 

Privacy is the question of what personal information should be collected or stored at all for a given social 
function. It involves issues concerning the legitimacy and legality of organizational demands for disclosure from 
individuals and groups, and setting of balances between the individual's control over the disclosure of personal 
information and the needs of society for the data on which to base decisions about individual situations and for- 
mulate public policies. Confidentiality is the question of how personal data is collected for approved social pur- 
poses shall be held and used by the organization that originally collected it, what other secondary or further uses 
may be made of it. and when consent by the individual will be required for such uses. It is to further the patient's 
willing disclosure of confidential information to doctors that the law of privileged communications developed. In 
this perspective, security of data involves an organization's ability to keep its promises of confidentiality. 

Allen notes the unsettled relationship between secrecy and privacy in the privacy literature. In her 
view, secrecy is a form of privacy entailing the intentional concealment of facts. She claims that it does 
not always involve concealment of negative facts, as is asserted by other privacy scholars. 8 She points 
to the work of Sissela Bok, who defines secrecy as the result of intentional concealment and privacy as 
the result of "unwanted access." 9 Since privacy need not involve intentional concealment, privacy and 
secrecy are distinct concepts. Privacy and secrecy are often equated because "privacy is such a cen- 
tral part of what secrecy protects." Bok viewed secrecy as a device for protecting privacy. 10 

Charles Fried also discusses the relationship between privacy and secrecy. He states that at first 
glance privacy seems to be related to secrecy, to limiting the knowledge of others about oneself. He 
argues for refinement of this notion, stating that it is not true that the less that is known about us the 
more privacy we have. He believes, rather, that privacy is not simply an absence of information about 
us in the minds of others; it is the control we have over information about ourselves. It is not simply 
control over the quantity of information abroad; it is the ability to modulate the quality of the knowledge 
as well. We may not mind that a person knows a general fact about us, and yet we feel our privacy 
invaded if he or she knows the details. 11 



6 W.A. Parent, "Recent Work on the Conception of Privacy," American Philosophical Quarterly, vol. 20, 1983, p. 341. 

7 R. Gavison, "Privacy and the Limits of the Law," Yale Law Journal, vol. 89, 1980, p. 421. 

8 Ibid. 

9 S. Bok, Secrets: On the Ethics of Concealment and Revelation (New York, NY: Oxford University Press, 1984), p. 10. 

10 Ibid. 

11 C. Fried, "Privacy," Yale Law Journal, vol. 77, 1968, pp. 474.782 

SOURCE: Office of Technology Assessment, 1994. 
wrongs entirely with the individual, providing no 
government oversight mechanism for the system. 
In addition, the act itself is limited in its applica- 
tion to "routine use" of the record, which refers to 
disclosure of records, not how the collecting 
agency uses those records internally. 55 Many 
commentators have noted that the penalties pre- 
scribed in the act are inadequate, and others com- 
ment that the act contains no specific measures 
that must be in place to protect privacy so that it 
cannot be used to describe what technical meas- 
ures must be taken to achieve compliance. 

Other criticism arises from technological challenges to the act's effectiveness and workability. When the act was debated and enacted, federal agency record systems were still based largely on paper documents and stand-alone computer systems that were not linked together. Computers and telecommunication capabilities have expanded the opportunities for federal agencies to use, manipulate, and peruse information. There has already been a substantial increase in the matching of information stored in different databases as a way of detecting fraud, waste, and abuse. Networked systems will further enhance this ability. The Computer Matching Act requires that every agency conducting or participating in matching programs establish a Data Integrity Board. Among the responsibilities of these Boards is to oversee matching programs in which the agency has participated during the year and to determine compliance with applicable laws, regulations, and guidelines. They are also to serve as a clearinghouse for receiving and providing information on the accuracy, completeness, and reliability of records used in matching programs. 56

More recent use of federal agency information, in such programs as the Credit Alert Interactive Voice Response System, involves more cooperative interconnection of information across agencies (see box 3-3). The ability to share databases and access systems between federal and state governments is also being developed. All 50 states can electronically access Social Security Administration (SSA) data. 57 While the Internal Revenue Service (IRS) currently sends magnetic tapes to the states in order to share federal tax data, electronic access is expected by 1997 or 1998. 58 (See box 3-4 for discussion of privacy concerns at the Internal Revenue Service.)

Because of these uses and the ease with which they can be accomplished through networked computers, the Privacy Act has come under additional criticism for its agency-by-agency approach to addressing privacy protections. The act places responsibility for data protection separately on each federal agency. Given the increased sharing of data, if privacy protection fails, it is difficult under this approach to determine who must bear responsibility and who is liable when abuses of information occur. Some commentators suggest that the act be overhauled to reflect the technological changes that have occurred since the 1970s and the new uses of information enabled by those changes. (See below for a discussion of the development and capabilities of computer and network technology.) Others believe that clearer policy decisions must be made regarding when the sharing of information between agencies is appropriate, and stronger partitions between agency data must be established. To facilitate these changes, it is suggested that a better forum for privacy policy decisions be established to replace the data integrity boards already existing in agencies that participate in computer matching programs.

55 For a discussion of the government's "routine use" of personal information, see P. Schwartz, "The Computer in German and American Constitutional Law: Towards an American Right of Information Self-Determination," The American Journal of Comparative Law, vol. 37, No. 4, fall 1989, pp. 694-698.

56 5 U.S.C. 552a(u).

57 Among the major SSA data exchanges with the states is the Beneficiary Earnings and Data Exchange (BENDEX), which extracts information from the Master Beneficiary Record earnings information for the entire nation. Most states check BENDEX before sending a payment to a surviving spouse claiming retirement benefits. Another common exchange is the Supplemental Security Income/State Data Exchange (SDX). This exchange is an extract of the Supplemental Security Record, the database that stores a person's history on public assistance. Case workers use SDX to verify eligibility for public assistance.

58 26 U.S.C. 6103 enumerates 28 instances in which the IRS can disclose taxpayer information.

Increased computerization and linkage of information maintained by the federal government is arguably not addressed by the Privacy Act, which approaches privacy issues on an agency-by-agency basis.

To address these developments: 

■ Congress could allow each agency to address privacy concerns individually, through its present system of review boards.

■ Congress could require agencies to improve the existing data integrity boards, with a charter to make clearer policy decisions about sharing information and maintaining its integrity.

■ Congress could amend the existing law to include provisions addressing the sharing and matching of data, or restructure the law overall to track the flow of information between institutions.

■ Congress could provide for public access for individuals to information about themselves, and protocols for amendment and correction of personal information. It could also consider providing for online publication of the Federal Register to improve public notice about information collection and practices.

In deciding between courses of action, Congress could exercise its responsibility for oversight through hearings and/or investigations, gathering information from agency officials involved in privacy issues, as well as citizens, in order to gain a better understanding of what kinds of actions are required to implement better custodianship, a minimum standard of quality for privacy protection, and notice to individuals about use and handling of information.

BOX 3-3: The CAIVRS Program

The Credit Alert Interactive Voice Response System (CAIVRS) is a screening program aimed at preventing people who do not repay federal loans from obtaining new loans. CAIVRS includes delinquent debtor data from the departments of Agriculture, Education, Housing and Urban Development (HUD) and Veterans Affairs (VA) and the Small Business Administration. Begun by HUD in 1987, it contains information on home, property, and mobile home loans, and is now used by the VA for screening loan applications in its housing program. CAIVRS allows lenders such as mortgage bankers to phone in to the database. The lenders enter a password, then punch in the Social Security number of the person seeking credit. The system reviews its data and responds.

The system is comparable to a credit-card check before a buyer makes a credit purchase in a store. If the lender gets a "hit," he or she cannot grant a new loan and must ask HUD to review the loan application. In the first 10 months of 1993, CAIVRS handled 2.3 million inquiries and recorded 30,000 "hits" on applicants with problem credit histories.

SOURCE: Office of Technology Assessment, 1994.

Privacy and Computerization

American legal scholars first considered the impact of computerization on privacy more than 20 years ago. Soon after, the U.S. Privacy Protection Study Commission, under a congressional charter, extensively studied privacy rights in the emerging information society. The commission focused on eight sets of recordkeeping relationships and found that privacy was not protected satisfactorily from either government or industry intrusions. While the commission noted privacy problems in the private sector, it believed that the real threat existed with government collection and use of information, which is the concern that the Privacy Act of 1974 addresses. 59

59 J.R. Reidenberg, "Privacy in the Information Economy: A Fortress or Frontier for Individual Rights?" Federal Communications Law Journal, vol. 44, No. 2, March 1992, pp. 196-197.

BOX 3-4: Security and Privacy Concerns at the Internal Revenue Service

The Internal Revenue Service's (IRS's) long-term project to modernize its computer system, the Tax Systems Modernization (TSM) Program, began in 1988 and is projected to require a net capital investment of over $8 billion by 2008. Information security has been a major issue in this process; the IRS has been faulted for privacy violations in its existing system and has been charged with showing little progress in addressing privacy concerns about the confidentiality of taxpayer records as it proceeds with TSM. The IRS counters that it is aggressively addressing these, but additional safeguards could potentially make the system more cumbersome to operate. 1

In a recent review of general controls over IRS computer systems, the General Accounting Office found that the IRS did not adequately restrict access to computer programs and data files or monitor the use of these resources by staff. As a result, IRS employees who did not need taxpayer data could access and/or use it, and unauthorized changes to the taxpayer data could be made inadvertently or deliberately. In addition to confidentiality and integrity problems, these actions could result in fraud. 2

The National Research Council (NRC) has also been studying the IRS and its progress in implementing the TSM initiative. In its report of a two-year study requested by the IRS, NRC found that the IRS needed a more integrated, comprehensive, and internally consistent security architecture and that it should investigate the use of modern cryptographic techniques such as public-key cryptography and digital signatures in electronic filings. NRC also found that the IRS privacy policy development should include a stronger and more effective integration of privacy principles and techniques in TSM system designs. 3 In a follow-on letter report to the IRS in 1993, NRC found, "The IRS has increased its awareness of privacy issues and has tackled several security issues over the last three years. However, serious concerns remain about the privacy and security issues engendered by TSM. In particular, rapid development of a comprehensive privacy and security policy is needed." 4 According to the NRC committee, the new technologies being provided through TSM can lead to a wide range of potentially disastrous privacy and security problems for the IRS unless the IRS develops effective, integrated privacy and security policies. 5

1 Stephen Barr, "IRS Computer Revamp Faulted by Study Panel," Washington Post, Aug. 20, 1993, p. A21.

2 U.S. General Accounting Office, IRS Information Systems: Weaknesses Increase the Risk of Fraud and Impair Reliability of Management Information, GAO/AIMD-93-34, September 1994.

3 Computer Science and Telecommunications Board, National Research Council, Review of the Tax Systems Modernization of the Internal Revenue Service (Washington, DC: National Academy Press, 1992).

4 Letter report from Robert P. Clagett (Chair, Committee on Review of the Tax Systems Modernization of the Internal Revenue Service, National Research Council) to Margaret Richardson (Commissioner, IRS), July 30, 1993.

5 Ibid.

SOURCE: Office of Technology Assessment, 1994.

Since the 1970s, however, computer and communications technology has enabled the growth of an information industry within the private sector. The dramatic advances in telecommunications and information technology changed the relationship between individuals and corporations with respect to the circulation of personal information. 60 Information technology, networking, and proliferation of computers have encouraged extensive gathering and dissemination of personal information through sophisticated data collection techniques, corporate outsourcing of data processing, and the establishment of information service providers and clearinghouses. 61 Vast quantities of personal information containing greater detail than ever before about an individual's financial status, health status, activities, and personal associations became readily available through commercial information services and list brokers. Information that once had to be laboriously assembled by hand or using punched-card methods could be bought in machine-manipulable form. 62 These new capabilities and the increased circulation of personal information to private-sector resale companies raise significant privacy concerns. A joint Lou Harris/Equifax survey conducted in 1992 indicated that 79 percent of Americans feel their personal privacy is threatened. Most Americans acknowledge the danger to privacy from present computer uses. 63 Privacy and information processing have also generated substantial interest overseas: in many European countries, statutes provide a broad set of privacy rights applicable to both the public and private sectors.



International Privacy Concerns: Transborder Data Flow

Development of sophisticated telecommunications systems, coupled with the increased use of computing technologies, has resulted in a growing international market in information and associated services. Computer and telecommunications technology delivers news, science, education, industry, manufacturing, medical, and national defense information. These technologies and their ability to transmit information and services over distances are not constrained by national borders. 64

Transborder data flow is the transfer of data across national borders. The media may be ordinary text on microfilm, punched cards, or computer listings transmitted by ordinary mail. Data may also be transmitted electronically via telephone lines, cables, specific data networks, or satellite. Such data may be transmitted from a terminal to a computer system as part of an international network. They are then processed in the system and sent back to the terminal. The data alternatively may be accessed and processed online in a network by anyone who is able to enter the system.

Foreign countries, particularly European nations, have taken steps to address the problem of data flows to destinations perceived to lack sufficient privacy protection. In the mid-1970s, European lawmakers recognized that data technology could lead to invasions of privacy and that this should not be regarded as simply a national concern. They realized that the economic and social relationships of many countries were closer than before, and that the emergence of a global market led to an increased movement of information across borders. Since information is often of a personal nature, and based on the premise that the needs of the market should not undermine the legal protection for citizens, it was deemed necessary to regulate the use of personal data similarly in all countries. 65 A number of countries prohibit the transmission of personal information to countries with little or no computer privacy protection. 66 Data protection and security requirements established by countries outside the United States may have a significant impact on transborder data flow because of the limited legal standards in the United States.

60 Concerns raised by the computerization of health care information, cited by the Krever Commission of Canada, reflect those raised by computerization generally. The commission stated that: 1) computer technology makes the creation of new databases and data entry easy, so that databases can be created and maintained readily; 2) computerization allows for storage of large amounts of data in a very small physical medium. An intruder into a database can retrieve large amounts of data once access is gained; 3) computers provide for the possibility of "invisible theft" — stealing data without taking anything physical — so that persons are unaware that data has been altered, stolen or abused; and 4) computers allow for the possibility of "invisible" modification, deletion, or addition of data. Ontario Commission of Inquiry into the Confidentiality of Health Information, "Report of the Commission," 1980, vol. II, pp. 160-166.

61 J.R. Reidenberg, op. cit., footnote 59, pp. 201-209.

62 W. Ware, "The New Faces of Privacy," The Information Society, vol. 10, 1993, pp. 195, 200.

63 Harris-Equifax Consumer Privacy Survey 1992, conducted for Equifax by Louis Harris and Associates in association with Alan F. Westin, Columbia University.

64 I. Walden and N. Savage, "Transborder Data Flows," Information Technology & the Law, 2nd ed., I. Walden (ed.) (Great Britain: Macmillan Publishers Ltd., 1990), p. 121.

While the Privacy Act of 1974 addresses the protection of data maintained by the federal government through principles of fair information practices (for enumeration and discussion of fair information practices, see page 81), American law does not contain a comprehensive set of privacy rights or principles that adequately address the acquisition, storage, transmission, use, and disclosure of personal information within the private sector. Legal protection is accorded through privacy rights created by federal or state legislation or state common laws. In addition, self-regulatory schemes have been adopted by some industries and various companies. Although these schemes may offer privacy protection, they are not enforceable by law. Europe is sensitive to a need to protect privacy, particularly the threat of technology that may easily transmit data to a country where corresponding legal protections may not be afforded it. 67

The European approach to addressing privacy concerns is a comprehensive one; most European countries have adopted omnibus legislation governing private-sector data processing. Among these broad national laws are a number of important differences relating to the scope of coverage and the regulatory enforcement mechanisms. The European Union believes that the effect of these differences is likely to impede the development of the single European market and has proposed a directive to harmonize these laws and establish a community standard of privacy protection. 68

Two sets of international norms have traditionally established standards for data protection: the Organization for Economic Cooperation and Development's (OECD's) voluntary Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, and the Convention of the Council of Europe for the Protection of Individuals with Regard to Automatic Processing of Personal Data (No. 108/1981). 69 Each attempted to assure that transborder data could flow across borders in an acceptable way and to provide the data with a certain level of protection. Later, in July 1990, the European Economic Community Commission proposed a draft directive "concerning the protection of individuals in relation to the processing of personal data."

65 P. Blume, "An EEC Policy for Data Protection," Computer/Law Journal, vol. 11, 1992.

66 J.R. Reidenberg, op. cit., footnote 59, p. 238.

67 Ibid.

68 Ibid.

69 OECD is a United Nations intergovernmental institution, established in 1961 with the stated objectives of effective use of economic resources of member states, development of scientific and technical research, training of personnel, maintenance of stable finances in external and internal turnover, liberalization of commodity exchange and flow of capital, and technical assistance to developing countries.

The Organization for Economic Cooperation and Development Guidelines

The OECD guidelines were drafted in 1979 and adopted in September 1980 as the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. They were developed in response to growing national movements to regulate transborder data flows and the discussion about the Council of Europe proposal. The specific mandate was:

... to develop guidelines on basic rules governing the transborder flow and the protection of personal data and privacy, in order to facilitate the harmonization of national legislation, without this precluding at a later date the establishment of an international convention.

The OECD guidelines are based on principles 
of data protection to govern the protection of per- 
sonal data in transborder data flows. These prin- 
ciples are: 

■ Data should be obtained lawfully and fairly. 

■ Data should be relevant to their purposes, accurate, complete, and current.

■ The purpose for which data will be used must 
be identified and data must be destroyed if it is 
no longer necessary to serve that purpose. 

■ Use of data for purposes other than those specified is authorized only with the consent of the data subject or by authority of law.

■ Procedures must be established to guard against 
loss, destruction, corruption, or misuse of data. 

■ Information about collection, storage, and use 
of personal data and personal data systems 
should be available. 

■ The data subject has a right of access to his or 
her data and the right to challenge the accuracy 
of that data. 

■ A data controller should be designated and accountable for complying with measures established to implement these principles. 70

These principles mirror the elements of fair information practices that form the basis of much of U.S. law related to government information. In the private sector, however, these principles are not consistently applied. 71 Since 1980 over 177 U.S. corporations and trade associations have publicly endorsed the OECD guidelines and issued policy letters on privacy and data security in recognition of the importance of this subject, though few U.S. companies have publicly implemented the guidelines.

The guidelines balance the requirements for the free flow of data with the need to provide basic data protection. They also specifically require that data flow be secured. Part 3 of the guidelines deals specifically with transborder data flow:

■ Member countries should take into consideration the implications for other member countries of domestic processing and re-export of personal data.

■ Member countries should take all reasonable and appropriate steps to ensure that transborder flows of personal data, including transit through a member country, are uninterrupted and secure.

■ A member country should refrain from restricting transborder flows of personal data between itself and another member country, except where the latter does not yet substantially observe these guidelines or where export of such data would circumvent its domestic privacy legislation. A member country may also impose restrictions in respect of certain categories of personal data for which its domestic privacy legislation includes specific regulations in view of the nature of those data, and for which the other member country provides an equivalent protection.

■ Member countries should avoid developing laws, policies, and practices in the name of the protection of privacy and individual liberties, that would create obstacles to transborder flows of personal data that would exceed requirements for such protection. 72

70 OECD Doc. No. C(80)58 final.

71 Some argue that the discussion about privacy rights should focus on property-rights issues, at least in part. They contend that information is "property" and that information-control issues should be viewed as allocating (creating, denying, or conditioning) property rights in information. (R. Nimmer and P. Krauthaus, op. cit., footnote 11.)

While the OECD guidelines are voluntary and are not a legally binding instrument, they have been endorsed by all 24 member countries.

The Council of Europe has interpreted the convention on data protection for specific kinds of data processing. The principles at the foundation of this convention are virtually identical to those of the OECD guidelines. The Council of Europe has also defined fair information practices under other circumstances and issued recommendations for areas such as direct marketing and employment records. 73 The U.S. business community views these initiatives as reflecting an appropriate balance between privacy protection and free flows of information. 74

European Community Council Directive 

In July 1990 the Commission of the European Economic Community published a draft Council Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data ("The Council Directive"). 75 The Council Directive is part of the European Union's (EU's) 76 program to create a "common market and an economic and monetary union, and ... the implementation of certain common policies . . . " 77 (For discussion of the European Union's analysis of information security systems, see box 3-5.)

On March 11, 1992, the European Communities Parliament advised amending the commission's proposal to eliminate the distinction between public and private-sector data protection, and then amended and approved the draft Council Directive. On October 15, 1992, the commission issued its amended proposal, which is being considered by the Council of Ministers.

Under the Council Directive, each of the EU member states must enact laws governing the "processing of personal data." 78 Processing is defined broadly as "any operation or set of operations," whether or not automated, including but not limited to "collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." 79 Personal data is defined equally broadly as "any information relating to an identified or identifiable natural person." 80 The only "processing of personal data" not covered by the Council Directive is that performed by a "natural person in the course of a purely private and personal activity." 81

72 OECD Doc. No. C(80) 58 final.

73 See Council of Europe Committee of Ministers, Recommendation R(85)20 on the Protection of Personal Data for Purposes of Direct Marketing (1985); and Council of Europe Committee of Ministers, Recommendation R(89)2 on the Protection of Personal Data Used for Employment Purposes (1989).

74 M.N. DiTosto, Manager, Telecommunications/Economic and Financial Policy, U.S. Council for International Business, International Data Protection Landscape, remarks to the State of Virginia's Committee on Information Policy, July 23, 1993.

75 Analysis of the provisions of the Council Directive was assisted by personal communication with and material provided by Fred H. Cate, Senior Fellow, The Annenberg Washington Program.

76 The European Community officially became the European Union in November 1993.

77 European Economic Community Treaty of 1957, art. 2 (as amended by the Single European Act of 1986 and the Treaty on European Unity (Maastricht, 1992)).

78 Council Directive, Com(92)422 Final SYN 287 (October 15, 1992).

79 Ibid.

80 Ibid., art. 2(a). "[A]n identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity."

BOX 3-5: The Green Book on the Security of Information Systems

The Commission of the European Communities' Green Book on the Security of Information Systems ("Green Book") 1 is the result of a European Council decision adopted in May 1992 establishing a Senior Officials' Group to advise the commission on action to be undertaken, and to develop strategies for the security of information systems or "Action Plan." As a step toward this Action Plan, the Green Book examines the issues involved, the range of options resulting from an analysis of the issues, and requirements for action. The Green Book attempts to outline the background to the development of a consistent approach to information security in Europe. 2

The intention of the Commission in preparing the Green Book was to set out and promote a better understanding of information security issues and to develop a consensus on information system security strategies to be considered on an EC-wide basis. The Green Book represents an intermediate step toward the formulation of an Action Plan foreseen in the Council Decision. 3

The Green Book, in its section on Proposed Positions and Actions, identifies areas where initiatives are needed EC-wide. These require a concerted approach within Europe and, where possible, internationally. The general position taken by the document is that societies engaged in the global economy need to provide for adequate levels of information security. With the growing diversity of services and applications of telematics, the security of information systems must evolve with the growing demand and reduce the risks to security and safety while avoiding obstruction of innovation or economic and social developments. 4 The document examines and sets forth a proposed position and action for three major areas: trust services, international developments, and technical harmonization. 5

The Green Book addresses issues surrounding trust services, including electronic alternatives to traditional techniques of securing information, such as signatures, envelopes, registration, sealing, depositing and special delivery. It raises the issue of information crime and rules governing the use of electronic evidence in civil and criminal court proceedings, including the need to harmonize these within the EC. The absence of such harmonization could create, it asserts, "safe havens" for illegal activities. It addresses the need to cater to the needs for seamless information security for business, the general public, video and multimedia communications, and telecommuting in nonclassified information. The report suggests that trust services be established, including digital signature, nonrepudiation, claim of

1 Commission of the European Communities, Directorate General XIII, Telecommunications, Information Market and Exploitation of Research, Green Book on the Security of Information Systems, Draft 4.0, Oct. 18, 1993.

2 Ibid.

3 Ibid., p. 1.

4 Ibid., at p. 2.

5 Ibid., at 3-6.

(continued)

Individual national laws enacted in compliance with the Council Directive must guarantee that "processing of personal data" is accurate, up-to-date, relevant, not excessive, used only for the legitimate purposes for which it was collected, and kept in a form that permits identification of individuals no longer than is necessary, for that pur-



81 Ibid., art. 3(2). 
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origin, claim of ownership in negotiable documents, fair exchange of values, intractability, and time 
stamping. It suggests establishment of Europe-wide confidentiality services for nonclassified informa- 
tion, establishment of a network of Trusted Third Parties for the administration of the service provisions 
such as for name assignment, key management, certifications and directories, and liability principles 
for network providers, intermediates, and value-added service providers. It suggests establishment of 
common principles for legislation covering communication crime and for electronic evidence, develop- 
ment of generic codes of practice for handling nonclassified information, including rules for security 
labeling, and development of sector-specific codes of practice and base line controls. 6 
The Green Book discusses rapidly developing international communication and security concerns, 
and recognizes that security needs of European organizations and individuals must be safeguarded 
and the competitiveness of the European industry maintained. It points out the need to avoid creation of 
barriers to trade and services based on the control over security mechanisms and digital signature 
schemes. It proposes that if acceptable international solutions cannot be agreed to, a European option 
should be considered. In response to these positions, it suggests efforts toward international solutions 
for information security, strengthened support for international standardization, and consideration of a 
European security option offering confidentiality and digital signature services internationally. 7 

On the subject of technical harmonization, the paper points out that electronic products, systems, 
services, and applications must be secure and safe, and must operate to generally recognized levels of 
trust. The international character of service and product supply requires the establishment of mutual 
recognition of testing, validation, auditing, and liability assessment. To accomplish this, the Green Book 
suggests establishment of an international scheme for evaluation, certification, and mutual recognition 
that provides for security, safety, and quality evaluations for applications, services, systems, and prod- 
ucts. It also proposes establishment of principles for incident reporting obligations, incident contain- 
ment, schemes for service provider and vendor self-evaluations and declarations, and communitywide 
quality criteria for safety of systems, including methodologies for the assessment of threats, vulnerabili- 
ties, and hazards for safety critical systems. 8 



6 Ibid., at pp. 3-4. 

7 Ibid., at p. 5. 

8 Ibid., at pp. 5-6. 

SOURCE: Office of Technology Assessment, 1994. 


pose. 82 Personal data may be processed only with 
the consent of the data subject when legally re- 
quired or to protect "the public interest" or the "le- 
gitimate interests" of a private party, except where 
those interests are trumped by the "interests of the 
data subject." 83 The processing of data revealing 
"racial or ethnic origin, political opinions, re- 
ligious beliefs, philosophical or ethical persua- 
sion . . . [or] concerning health or sexual life" is 
severely restricted and in most cases forbidden 
without the written permission of the data sub- 
ject. 84 



82 Ibid., art. 6(1). 

83 Ibid., art. 7. 

84 Ibid., art. 8. 
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Persons from whom data is to be collected must 
be informed of the purposes of the intended proc- 
essing; the obligatory or voluntary nature of any 
reply; the consequences of failing to reply; the 
recipients of the data; the data subject's right of ac- 
cess to, and opportunity to correct, data concern- 
ing her or him; and the name and address of the 
"controller." 85 This same disclosure, except for 
that concerning the obligatory or voluntary nature 
of any response and the consequences of failing to 
reply, must be provided to anyone about whom 
data is collected without their consent. 86 

The Council Directive requires member states 
to enact laws guaranteeing each individual access 
to, and the opportunity to correct, processed in- 
formation about her or him. This right of access 
may be limited only to protect national security, 
defense, criminal proceedings, public safety, a 
"duly established paramount economic and finan- 
cial interest of a member state or of the [European] 
Community . . ." or a similar interest. 

National laws under the Council Directive 
must also permit data subjects to correct, erase, or 
block the transfer of "inaccurate or incomplete 
data," 87 and the opportunity to object to the proc- 
essing of personal data. 88 The Council Directive 
requires that data subjects be offered the opportu- 
nity to have personal data erased without cost be- 
fore they are disclosed to third parties, or used on 
their behalf, for direct mail marketing. 89 

The Council Directive establishes basic re- 
quirements for protecting personal data from "ac- 



cidental or unlawful destruction or accidental loss 
and against unauthorized alteration or disclosure 
or any other unauthorized form of processing." 90 

In keeping with most European data protection 
legal regimes, the Council Directive requires that 
controllers notify the applicable national "super- 
visory authority" before beginning any data proc- 
essing. 91 At minimum, member states' national 
laws must require that the notification include: the 
name and address of the controller, the purpose for 
the processing, the categories of data subjects, a 
description of the data or categories of data to be 
processed, the third parties or categories of third 
parties to whom the data might be disclosed, any 
proposed transfers of data to other countries, and 
a description of measures taken to assure the secu- 
rity of the processing. 92 

Each supervisory authority is required to inves- 
tigate data processing that "poses specific risks to 
the rights and freedoms of individuals." 93 For cer- 
tain routine processing that does not pose signifi- 
cant threat to individuals' rights (e.g., the 
production of correspondence, consultation of 
documents available to the public, etc.), the Coun- 
cil Directive permits member states to simplify 
or even eliminate the notification requirements. 94 
Each supervisory authority is required to keep and 
make available to the public a "register of notified 
processing operations." 95 

Under the Council Directive, each member 
state must establish an independent public author- 



85 Ibid., art. 11(1). 

86 Ibid., art. 8. 

87 Ibid., art. 14(3). 

88 Ibid., art. 15(1). 

89 Ibid., art. 15(3). 

90 Ibid., art. 17(1). 

91 Ibid., art. 18(1). 

92 Ibid., art. 18(2). 

93 Ibid., art. 18(4). 

94 Ibid., art. 19. 

95 Ibid., art. 21. 
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ity to supervise the protection of personal data, 96 
which has the power to investigate data process- 
ing activities, to intervene and order the destruc- 
tion of data that has infringed on personal rights, 
to order that processing cease, and to block trans- 
fer of data to third parties. The supervisory author- 
ity must also have the power to deal with 
complaints from data subjects and is required to 
issue a publicly available report at least annual- 
ly. 97 

Each member state's law must provide for civil 
liability against those that control data for unlaw- 
ful processing activities, 98 and impose penalties 
for noncompliance with the national laws adopted 
pursuant to the Council Directive. 99 National laws 
must provide both for enforcement by a supervi- 
sory authority and for remedies for breach of 
rights. 100 

Finally, although forbidden to restrict the flow 
of personal data among themselves because of na- 
tional data protection or privacy concerns, mem- 
ber states will be required to enact laws 
prohibiting the transfer of personal data to non- 
member states that fail to ensure an "adequate lev- 
el of protection." 101 The prohibition is of 
particular concern to U.S. business interests. The 
basis for determining the adequacy of the protec- 
tion offered by the transferee country "shall be 
assessed in the light of all circumstances sur- 
rounding a data transfer," including the nature of 
the data, the purpose and duration of the proposed 
processing, the "legislative provisions, both gen- 
eral and sectoral," in the transferee country, and 
the "professional rules which are complied with" 
in that country. 102 However, the Council Direc- 



tive does not spell out standards for making evalu- 
ations. 

Because the United States lacks comprehen- 
sive laws on fair information practice, the Council 
Directive prompts increased scrutiny of U.S. pri- 
vate-sector activity in the area of data protection. 
U.S. business has some serious concerns about the 
EU proposal, as it relates to the data subject's con- 
sent and the transfer of data to non-EU countries. 

With respect to issues surrounding transborder 
data flows, the initial version of the proposed 
Council Directive required all member states to 
prevent the transfer of personal data to a non-Eu- 
ropean Union country unless that country ensured 
an "adequate level of protection," where adequacy 
appeared to be determined by an EU evaluation of 
the third countries' national data protection laws. 
The first draft of the proposed Council Directive 
allowed EU level coordinating committees to es- 
tablish a blacklist of countries, but did not require 
it. There was great concern about how the United 
States would be treated. 

Business was especially concerned with this 
provision because of its potential to erect barriers 
to the free flow of information. This was also per- 
ceived as indirectly imposing EU standards on 
third-party countries, including the United States, 
where the approach to privacy protection is differ- 
ent. The business community prefers to rely on the 
existing structure of federal, state, and industry- 
specific laws in this area and on self-regulation 
rather than broad legislation. The business com- 
munity sees the revised Council Directive as plac- 
ing more emphasis on the importance of the free 
flow of information. It now states that the adequa- 



96 Ibid., art. 30(1). 

97 Ibid., art. 30(3). 

98 Ibid., art. 23. 

99 Ibid., art. 25. 

100 Ibid., art. 22. 

101 Ibid., art. 26(1). The prohibition is subject to exemptions where the transfer is necessary 1) to the performance of a contract in which the 
data subject has consented to the transfer; 2) to serve an "important public interest"; or 3) to protect "the vital interest of the data subject." 

102 Ibid., art. 26(2). 
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cy of protection in a non-EU country "shall be as- 
sessed in the light of all the circumstances 
surrounding the data transfer operation," includ- 
ing nature of the data, purpose and duration of 
processing, laws, and professional rules, but be- 
lieves it should go further and recognize self-regu- 
latory practices, such as a company's internal code 
of conduct. 103 The EC has commissioned an ex- 
tensive study of U.S. law and practice in connec- 
tion with an interest in better understanding the 
scope of information practices in the United 
States. 104 

In addressing the sufficiency of existing U.S. 
legal standards for privacy and security in a net- 
worked environment for the private sector: 

■ Congress could legislate to set standards simi- 
lar to the OECD guidelines; or, alternatively, 

■ Congress could allow individual interests, 
such as the business community, to advise the 
international community on its own of its in- 
terests in data protection policy. However, be- 
cause the EU's protection scheme could affect 
U.S. trade in services and could impact upon 
individuals, Congress may also wish to moni- 
tor and consider the requirements of foreign 
data protection rules as they shape U.S. securi- 
ty and privacy policy to assure that all interests 
are reflected. 

One means of assuring that a diversity of in- 
terests is reflected in addressing the problem of 
maintaining privacy in computerized informa- 
tion — whether in the public or private sector — 
would be for Congress to establish a Federal 
Privacy Commission. Proposals for such a com- 
mittee or board were discussed by the Office of 
Technology Assessment (OTA) in its 1986 study 
of Electronic Record Systems and Individual Pri- 



vacy. OTA cited the lack of a federal forum in 
which the conflicting values at stake in the devel- 
opment of federal electronic systems could be ful- 
ly debated and resolved. As privacy questions will 
arise in the domestic arena, as well as internation- 
ally, a commission could deal with these as well. 
Data protection boards have been instituted in 
several foreign countries, including Sweden, Ger- 
many, Luxembourg, France, Norway, Israel, Aus- 
tria, Iceland, United Kingdom, Finland, Ireland, 
the Netherlands, Canada, and Australia. 

The responsibilities and functions suggested 
for a privacy commission or data protection board 
are: 

1 . to identify privacy concerns, that is to function 
essentially as an alarm system for the protec- 
tion of personal privacy; 

2. to carry out oversight to protect the privacy in- 
terests of individuals in information handling 
activities; 

3. to develop and monitor the implementation of 
appropriate security guidelines and practices 
for the protection of health care information; 

4. to advise and develop regulations appropriate 
for specific types of information systems; 

5. to monitor and evaluate developments in in- 
formation technology with respect to their im- 
plications for personal privacy in information; 
and 

6. to perform a research and reporting function 
with respect to information privacy issues in 
the United States. 

Debate continues as to whether such a body 
should serve in a regulatory or advisory capacity. 
In the 103d Congress, legislation has been 
introduced that would establish a Privacy Protec- 
tion Commission. 105 



103 M.N. Di Tosto, Manager, Telecommunications/Economic and Financial Policy, United States Council for International Business, "In- 
ternational Data Protection Landscape," remarks to the State of Virginia's Committee on Information Policy, July 23, 1993. 

104 The study, directed by Professor Spiros Simitis, Wolfgang Goethe College of the University of Frankfurt, and conducted by Professors 
Paul Schwartz, University of Arkansas School of Law, and Joel R. Reidenberg, Fordham University School of Law, is expected to be released in 
1994. 

105 S. 1735, the Privacy Protection Act, was introduced by Senator Paul Simon on Nov. 20, 1993. 
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DIGITAL LIBRARIES 

Digital libraries, or networked information collec- 
tions, allow online access to books, journals, mu- 
sic, images, databases, and multimedia works. 
Digital libraries rely upon technological advances 
in networking — ranging from advanced data stor- 
age technologies and processes to widespread use 
of interoperable devices and development of a Na- 
tional Information Infrastructure. Digital libraries 
would integrate networked information resources 
of all kinds into new collaborative environ- 
ments. 106 

Digital libraries make available to institutions 
online versions of journals and magazines, text 
and graphics from books, and other print re- 
sources. Digital libraries might also include re- 
sources such as linked libraries for software, 
collections of human genome data sequences, and 
global climate data. 107 Others envision the digital 
library as a network of publishers, vendors, li- 
braries, other organizations, and individuals (pub- 
lic, commercial and private), any of which can 
offer an item or collection of items. 108 These li- 
braries will affect the way that library users obtain 
and report research information, and promise to 
provide researchers with easy access to a wide 
array of information resources. 109 

One example of ways in which these libraries 
bring together texts from a variety of sources is the 



Electronic Text Center, an online collection at the 
University of Virginia in Charlottesville. The hu- 
manities collection held at the center contains the 
Oxford English Dictionary, a wide range of Old 
English writings, several versions of Shake- 
speare's works, the complete works of 1,350 Eng- 
lish poets, and hundreds of other literary, social, 
historical, philosophical, and political materials 
in various languages. 110 These data are stored on 
large-capacity magnetic disk drives, while com- 
puters in the library and elsewhere on campus can 
search and view all materials, including color 
images of manuscript pages. A text-only version 
of the database can be viewed over a network us- 
ing desktop computers. Access to the system, 
which has been used increasingly since its imple- 
mentation in August 1992, is limited to university 
students, faculty, and staff. 111 

In the area of science, an analogous system is 
disseminated over Cornell University's local area 
network called Chemistry On-line Retrieval Ex- 
periment, a prototype electronic library of 20 
American Chemical Society journals. Four parti- 
cipants collaborate in the project: the American 
Chemical Society and its Chemical Abstracts Ser- 
vice division; Bell Communications Research 
(Bellcore) of Morristown, New Jersey; Cornell 
University's Mann Library; and the Online Com- 
puter Library Center, a database resource service 



106 The Corporation for National Research Initiatives (CNRI) outlines one proposal for components of a digital system, which could in- 
clude: 1) personal library systems for the users; 2) organizational library systems for serving groups of individuals or activities; 3) new as well as 
existing local or distant databases; 4) database servers to handle remote requests; and 5) a variety of system functions to coordinate and manage 
the entry and retrieval of data. The system components are assumed to be linked by means of one or more interconnected computer networks. 
They assume use of active intelligent computer programs such as "knowbot" programs, that act as agents traveling within a network and acces- 
sing network resources on behalf of end users. The programs would be capable of exchanging messages with other such programs and moving 
from one system to another carrying out the wishes of the users. 

107 Robert Aiken, Network Research Program Director, U.S. Department of Energy, Livermore National Laboratories, personal commu- 
nication, May 1994. 

108 U.S. Department of Commerce, Technology Administration, Putting the Information Infrastructure to Work: Report of the Information 
Infrastructure Task Force Committee on Applications and Technology, NIST Special Publication 857 (Gaithersburg, MD: National Institute of 
Standards and Technology, May 1994), p. 95. 

109 Stu Borman, "Advances in Electronic Publishing Herald Changes for Scientists," Chemical & Engineering News, vol. 71, No. 24, June 
14, 1993, pp. 10, 16. 

110 Ibid. 

111 Ibid. 
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for libraries, based in Dublin, Ohio. This system 
enables student and faculty access to a database 
that will eventually include more than 10 years' 
worth of 20 chemical journals and information 
from scientific reference texts. Users can electron- 
ically retrieve articles, complete with illustra- 
tions, tables, mathematical formulas, and 
chemical structures. They can also switch to ar- 
ticles on related topics, or to reference articles, us- 
ing hypertext-type links. 112 

Ways in which digital information differs from 
information in more traditional forms include the 
following: 

1. Digital works are easily copied, with no loss of 
quality. 

2. They can be transmitted easily to other users or 
be accessed by multiple users. 

3. They can be manipulated and modified easily 
and changed beyond recognition. 

4. Works treated very differently under current 
copyright law are essentially equivalent: text, 
video, or music are all reduced to a series of bits 
and stored in the same medium. 

5. Works are inaccessible to the user without hard- 
ware and software tools for retrieval, decoding, 
and navigation. 

6. Software allows for new kinds of search and 
linking activities that can produce works that 
can be experienced in new ways, e.g., interac- 
tive media. 113 



The nature of digital works changes how authors 
create, the kinds of works they create, and the 
ways that readers or users read or use the works. 
These changes in the nature of creative works af- 
fect the operation of copyright law. (For a discus- 
sion of copyright law and the related issue of fair 
use, see boxes 3-6 and 3-7.) In an earlier work, 
OTA suggested several options for dealing with 
these issues. Among these were to clarify the sta- 
tus of mixed-media works with respect to their 
copyright protection and to create or encourage 
private efforts to form rights clearing and royalty 
collection agencies for groups of copyright own- 
ers. 114 However, the application of intellectual 
property law to protect works maintained in digi- 
tal libraries continues to be uncertain; concepts 
such as fair use are not clearly defined as they ap- 
ply to these works, and the means to monitor com- 
pliance with copyright law and to distribute 
royalties are not yet resolved. 

I Findings from OTA's 1992 Study of 
Software and Intellectual Property 

In an earlier work, Finding a Balance: Computer 
Software, Intellectual Property and the Challenge 
of Technological Change, 115 OTA examined fun- 
damental copyright issues raised by collections of 
digital information. OTA's findings still apply, 
and bear mentioning here. 



112 Ibid. 

113 U.S. Congress, Office of Technology Assessment, Finding a Balance: Computer Software, Intellectual Property and the Challenge of 
Technological Change, OTA-TCT-527 (Washington, DC: U.S. Government Printing Office, May 1992). These differences were also cited in 
Putting the Information Infrastructure to Work: Report of the Information Infrastructure Task Force Committee on Applications and Technolo- 
gy, op. cit., footnote 108, p. 96. The report stated that "[t]he advanced information infrastructure presents three significant and qualitatively new 
challenges to protecting intellectual property. First, digitization offers an unprecedented, easy, and inexpensive method to produce an indefinite 
number of perfect copies. Second, information in disparate media can be converted into a single digital stream and can be easily manipulated to 
create a variety of new works. Third, digitized information can be instantaneously distributed to and downloaded by thousands of users of the 
network." 

114 Ibid., p. 36. However, some commentators believe that an approach more appropriate to present technological capabilities would allow 
for direct payments. (Oliver Smoot, Executive Vice-President, Computer and Business Equipment Manufacturers Association, personal com- 
munication, May 1994.) At the same time, efforts to arrive at a standard licensing contract for online information have confronted problems. 
(Laurie Rhoades, Attorney Advisor, U.S. Copyright Office, personal communication, May 1994.) 

115 Finding a Balance, op. cit., footnote 113. 
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What Is a "Work" 

Copyright protection attaches to an "original work 
of authorship" when it is "fixed in any tangible 
medium of expression." Thus, when an author 
writes a novel on a computer or word processor, 
it is clear that a printout is fixed and tangible and 
protected by copyright. It is also fairly clear that 
the words on the cathode-ray tube disappear when 
it is turned off and therefore are unprotectable. 

The electronic mail message is a new type of 
"work" that usually exists only in digital form un- 
til it is printed out. Most messages are of a tempo- 
rary nature and their authors may or may not care 
whether their rights under copyright are protected. 
Other users of electronic mail use this medium to 
contact and collaborate with colleagues, to ex- 
press ideas, and to exchange drafts of works in 
progress. In these cases, people would likely wish 
to retain the rights to their writings. 

The technology of electronic messages also 
raises questions about the definition of publishing 
for purposes of copyright. A person can forward 
an electronic message received from someone else 
very easily to any number of other people. Is this 
kind of distribution the same as publishing, a right 
that copyright law grants exclusively to the au- 
thor? A message can also be modified before for- 
warding: does this create a derivative work, for 
which permission from the author should be 
gained? Whether or when an infringement of copy- 
right occurs in these cases has not yet been tested. 

A further complication in the definition of a 
work arises because computers make collabora- 
tion and multiple authorship easy. Many electron- 
ic mail messages are generated as a part of 
computer conferences, whereby people communi- 
cate about topics of mutual interest, even though 
they are geographically separated. Conferencing 
software on the host computer records and reorga- 
nizes incoming messages so that each participant 
can read what has been written by others and then 
add his or her own responses. 

Are the proceedings of a computer conference 
a joint or collective work, or many separate 
works? If it is a collective work with many con- 
tributors, the individual contributors can claim au- 



thorship in their respective contributions, but who 
can claim authorship in the collection as a whole? 
If it is not a joint work, does each individual mes- 
sage constitute a separate work, or do all the con- 
tributions of one author constitute a work? The 
question of what constitutes the work, and the 
identity of the author or authors, will determine 
the rights that pertain thereto. 

The question of the size of a work might be im- 
portant in determining if infringement has taken 
place and if a fair-use defense against infringe- 
ment is appropriate. Fair use is determined by four 
criteria (discussed in box 3-7), one of which is the 
amount and substantiality of material used with 
respect to the whole. 

Special Concerns of Libraries 

Many of the rules under the copyright law regard- 
ing lending and sharing library materials or mak- 
ing preservation copies or replacement copies of 
damaged works were developed with printed 
books and journals in mind. 

Some provisions in the copyright law also deal 
with copying and other use of "computer pro- 
grams," but do not specifically extend to digital 
information. The copyright law gives the owner of 
a computer program the right to make an archival 
copy under certain conditions. The library may 
not be the owner of the computer program. Ven- 
dors often say that programs are licensed, not sold. 
The library, as a licensee rather than an owner, 
does not have the rights described in the copyright 
law; these are abrogated by the terms of the li- 
cense. There is considerable controversy over the 
enforceability of many of these contracts in which 
the vendor has enough bargaining power to force 
terms on the user. At present, there is a wide vari- 
ety in the terms and conditions of software and da- 
tabase licenses. An institutional user like a library 
or university computer center often uses hundreds 
of different program and data packages, and en- 
suring compliance with all of the packages' differ- 
ent requirements is difficult. 

The copyright law also currently refers only to 
computer programs and not to data or digital 
information. Since computer data is stored in the 
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Copyright law in the United States protects the rights of an author to control the reproduction, 
adaptation, public distribution, public display, and public performance of original works of authorship of 
every kind, ranging from books to sound recordings. 

A fundamental goal of U.S. copyright law is to promote the public interest and knowledge — the 
"Progress of Science and useful Arts." 1 Although copyright is a property interest, its primary purpose 
was not conceived of as the collection of royalties or the protection of property; rather, copyright was 
developed primarily for the promotion of intellectual pursuits and public knowledge. As the Supreme 
Court has stated: 

The economic philosophy behind the clause empowering the Congress to grant patents and copyrights is 
the conviction that encouragement of individual efforts by personal gain is the best way to advance public wel- 
fare through the talents of authors and inventors in Science and the useful Arts. 2 

Much of the structure and basis for American law is derived from its British legal antecedents. After 
the introduction of the printing press in England in the late 1400s, the Crown's first response was to 
control what writings were printed or copied. The earliest British copyright laws were enacted in the 
1500s to promote censorship by the government to cooperation with a monopolistic group of printers 
known as the Stationer's Guild. This system collapsed when the company failed to exercise discretion 
as a censor, but used its monopoly power to set high prices. Parliament's response in 1695 was to allow 
the Stationer's copyrights to expire, but this resulted in a period of anarchical publication. In 1709 Par- 
liament responded to the situation by enacting legislation known as the Statute of Anne. This statute 
granted a copyright to authors, as opposed to printers, for a period of 14 years. The copyright was 
renewable for an additional 14 years if the author was still alive. After the expiration of the copyright, the 
writing became part of the public domain available for use by anyone. This first modern copyright law 
became the model for subsequent copyright laws in English-speaking countries. 3 

After severing ties with Great Britain, the former American colonies sought means to secure copy- 
right laws. In 1783, the Continental Congress passed a resolution encouraging the various states to 
enact copyright legislation. All of the states except Delaware enacted some form of copyright statute, 
although the various State laws differed greatly. 4 Because of the differences in the State copyright laws 
and the ensuing difficulties, the Framers of the Constitution, notably James Madison, asserted that the 
copyright power should be conferred upon the legislative branch. 5 This concept was ultimately 
adopted, and Congress was granted the right to regulate copyright (art. I, sec. 8, cl. 8). 6 



1 The Constitution provides that "Congress shall have power to Promote the Progress of Science and useful Arts, by securing 
for limited Times to Authors and Inventors . . . the exclusive Right to their respective Writings and Discoveries." 

2 Mazer v. Stein, 347 U.S. 201, 219 (1954). 

3 See U.S. Congress, Office of Technology Assessment, Intellectual Property Rights in an Age of Electronics and Information, 
OTA-CIT-302 (Washington, DC: U.S. Government Printing Office, April 1986). 

4 R. P. Lyman, Copyright in Historical Perspective (Nashville, TN: Vanderbilt University Press, 1968), p. 183. 

5 Ibid. 

6 Congress's constitutional grant of copyright regulation is more restricted than its English antecedents. 
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The First Congress in 1790 enacted the first federal copyright act. This legislation provided for the 
protection of author's rights. 7 Commentators have written that the central concept of this statute is that 
copyright is a grant made by a government and a statutory privilege, not a right. The statute was sub- 
stantially revised in 1831 8 to add copyright coverage to musical compositions and to extend the term 
and scope of copyright. A second general revision of copyright law in 1870 9 designated the Library of 
Congress as the location for administration of the copyright law, including the deposit and registration 
requirements. This legislation extended copyright protection to artistic works. The third general revision 
of American copyright law in 1909 10 permitted copyright registration of certain types of unpublished 
works. The 1909 legislation also changed the duration of copyright and extended copyright renewal 
from 14 to 28 years. A 1971 amendment extended copyright protection to certain sound recordings. 11 
The fourth and most recent overhaul of American copyright law occurred in 1976, after years of study 
and legislative activity. The 1976 legislation modified the term of copyright and, more significantly, co- 
dified the common law fair-use concept as a limitation on the exclusive rights of the copyright holder. 
In 1980, following recommendations made by the National Commission on New Technological Uses of 
Copyrighted Works, legislation explicitly extended copyright to computer programs. 12 
The copyright statute interprets the constitutional term "writings" broadly, defining it as:

. . . works of authorship . . . fixed in any tangible medium of expression now known or later developed, from which they can be perceived, reproduced or otherwise communicated, either directly or with the aid of a machine or device. 13

Copyright protection is expressly provided for eight categories of works: literary; musical; dramatic; pantomimes and choreographic; pictorial, graphic, and sculptural; motion picture and other audiovisual works; sound recording; and architectural. However, the legislative history indicates that these categories are not meant to be exhaustive. Computer programs are copyrightable as "literary works" as defined in 17 U.S.C. 101. 14

The term computer program is also defined in section 101 as "a set of statements or instructions used directly or indirectly in a computer in order to bring about a certain result."

Copyright protection subsists from the time a work of authorship is created in a fixed form. The copyright in the work becomes the property of the author immediately upon creation. Only the author, or one deriving rights through the author, can rightfully claim copyright.



7 Ch. 15, sec. 1, 1 Stat. 12. See OTA-CIT-302, op. cit., footnote . . ., p. 64.

8 4 Stat. 436.

9 Act of July 8, 1870, c. 230, 16 Stat. 198.

10 Act of March 9, 1909, c. 320, 35 Stat. 1075.

11 Public Law 92-140, Oct. 15, 1971, 85 Stat. 391.

12 17 U.S.C. 107, 117.

13 17 U.S.C. 102(a).

14 17 U.S.C. 101 provides in pertinent part: "Literary works" are works, other than audiovisual works, expressed in words, numbers, or other verbal or numerical symbols or indicia, regardless of the nature of the material objects, such as books, periodicals, manuscripts, phonorecords, film, tapes, disks or cards, in which they are embodied.
In the case of works made for hire, the employer rather than the employee is presumptively considered the author. A work made for hire is defined as:

1. a work prepared by an employee within the scope of his or her employment; or

2. a work specially ordered or commissioned for use in a variety of circumstances enumerated by



Copyright does not protect ideas, but rather the expression of ideas. Copyright protection does not extend to any:

. . . procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied. 15

Copyright protects the writings of an author against unauthorized copying, distribution, and so forth, and protects the form of expression rather than the subject matter of the writing. Unlike patents, it does not protect against independent creation. Copyright grants the owner the exclusive right to do and to authorize others to do the following: 16

■ reproduce copies of the copyrighted work;

■ prepare derivative works based on the copyrighted work;

■ distribute copies of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease or lending;

■ perform the copyrighted work publicly; and

■ display the copyrighted work publicly. 17

The statute does, however, specify certain limitations to the copyright owner's exclusive rights that are noninfringing uses of the copyrighted works. These limitations include the "fair use" of the work (17 U.S.C. 107 (1988)), certain kinds of reproduction by libraries and archives (17 U.S.C. 108 (1988)), certain educational performances and displays (17 U.S.C. 110 (1988)), and certain other uses (17 U.S.C. 117 (1980)).

It is an infringement of the copyright for anyone to engage in any of the activities enumerated above without the authorization of the copyright owner. The copyright statute provides that the copyright owner may institute an action for infringement against the copyright infringer to prevent further infringement of the copyright (17 U.S.C. 502 (1988)). An infringer of a copyright may be subject to the payment of actual damages and profits to the copyright owner (17 U.S.C. 504(b) (1988)); or in certain circumstances the copyright owner may elect specified statutory damages within specified ranges in lieu of actual damages and profits (17 U.S.C. 504(c) (1988)). In addition, in certain cases the court may permit the recovery of legal fees and related expenses involved in bringing the action (17 U.S.C. 505 (1988)). Criminal sanctions may also be imposed for copyright infringement in certain cases (17 U.S.C. 506 (1988)).



15 17 U.S.C. 102(b).

16 Not all works, however, enjoy all rights. For example, sound recordings have no public performance right. 17 U.S.C. 106(4).

17 17 U.S.C. 106.

SOURCE: U.S. Congress, Office of Technology Assessment, Copyright and Home Copying: Technology Challenges the Law, OTA-CIT-422 (Washington, DC: U.S. Government Printing Office, October 1989).
The tension between the stimulation of intellectual pursuits and the property interests of the copyright owner has been a central issue in the development, implementation, and interpretation of American copyright laws. Moreover, the concept of copyright presents a seeming paradox or contradiction when considered within the context of the first amendment freedom of speech guarantees: while the first amendment guarantees freedom of expression, it can be argued that copyright seems to restrict the use or dissemination of information. It can be argued, however, that copyright, to the degree that it stimulates expression and encourages writing and other efforts, furthers first amendment expression values by encouraging the quantity of "speech" that is created. 1 In attempting to resolve these conflicting interests, the courts have adopted a test that weighs the interests of freedom of expression and the property interests of the copyright holder to arrive at an acceptable balance. 2 An extensive body of case law has been developed that weighs and counterbalances first amendment concerns and the rights of the copyright holder. 3

Hence, the American copyright system is based on dual interests: intellectual promotion and property rights. Combined with these factors is the first amendment freedom of expression concern. Courts have balanced and assessed these seemingly conflicting elements, and Congress has considered them in enacting copyright legislation.

Much of the historical balancing has occurred in the context of the fair-use doctrine. The doctrine of fair use as codified in the Copyright Act of 1976 has antecedents in British law of the 18th and 19th centuries and in 19th century U.S. case law. Various approaches have been adopted to interpret the fair-use doctrine. It has been said that the doctrine of "fair use" allows the court to bypass an inflexible application of copyright law when, under certain circumstances, it would impede the creative activity that the copyright law was supposed to stimulate. Indeed, some commentators have viewed the flexibility of the doctrine as the "safety valve" of copyright law, especially in times of rapid technological change. Others have considered the uncertainties of the fair-use doctrine the source of unresolved ambiguities.

In codifying the fair-use exception in the Copyright Act of 1976, Congress did not formulate a specific test for determining whether a particular use was to be construed as a fair use. Rather, Congress created statutory recognition of a list of factors that courts should consider in making their fair-use determinations. The four factors set out in the statute are:

1. the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;

2. the nature of the copyrighted work;

3. the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and

4. the effect of the use on the potential market and value of the copyrighted work (17 U.S.C. 107).



1 It is also argued that freedom of speech guarantees the speaker the right to speak his or her own expression, and that it does not give him the right to speak (or copy) someone else's expression. Nor does it prevent a speaker from using someone else's ideas, facts, or information. Copyright requires the speaker to arrive at his own expression from the ideas he wishes to express. The resulting conflict or balance between these interests is part of copyright itself — limited protection, with the limitations specifically designed to encourage publication and access to information. The remaining conflict, it is argued, may be resolved by fair use. Mary Jensen, University of South Dakota School of Law, personal communication, Sept. 29, 1991.

2 Melville Nimmer, Nimmer on Copyright (New York, NY: M. Bender, 1991), vol. 1, sec. 1.10.

3 See Harper & Row Publishers, Inc. v. Nation Enterprises, 471 U.S. 539 (1985).






BOX 3-7 (cont'd.): Fair Use



Congress realized that these factors were "in no case definitive or determinative" but rather "provided some gauge [sic] for balancing equities." It appears that Congress developed a flexible set of criteria for analyzing the circumstances surrounding each fair-use case, and that each case would be judicially analyzed on an ad hoc basis. Therefore, courts seem to have considerable latitude in applying and evaluating fair-use factors. 4 Courts have given different weight and interpretation to the fair use factors in different judicial determinations. The following illustrations demonstrate how some courts have interpreted certain fair-use factors.

In evaluating the first factor, the purpose and character of the use, courts have not always held that a use "of a commercial nature" precludes a fair-use finding, nor does a "nonprofit educational" purpose mandate a finding of fair use. A defense of fair use on the basis of the first criterion will more often be recognized, however, when a defendant uses the work for educational, scientific, or historical purposes.

Consideration of the second factor, the nature of the copyrighted work, must be based on the facts and circumstances of each particular case. For instance, courts have interpreted the scope of the fair-use doctrine narrowly for unpublished works held confidential by their authors.

In examining the third factor, the amount and substantiality of the portion of the work used, courts have looked at both the quantitative aspect (how much of the work is used) and the qualitative factor (whether the "heart" or essence of the work is used). The fair-use doctrine is usually not considered to be applicable when the copying is nearly a complete copy of the copyrighted work, or almost verbatim. Before the Court of Claims decision in Williams & Wilkins Co. v. United States, 5 courts as a rule did not allow fair use for copying of entire works or substantial portions of a work. However, the issue of copying entire works was the topic of significant debate prior to passage of the 1976 act. The result of this debate, which allows for this kind of copying under limited circumstances, is found in section 108, which sets out guidelines for classroom copying, and in interpretation of fair use in the legislative reports. 6

In assessing the fourth factor, courts have examined the defendant's alleged conduct to see whether it poses a substantially adverse effect on the potential market for, or value of, the plaintiff's present work. These considerations are used with great care by the courts in applying the fair-use doctrine on a case-by-case basis.

Congress looked to the issue of copyright fair use at some length in 1991, examining whether the fair use doctrine and the First Amendment permit biographers to make unauthorized use of their subjects' unpublished letters and manuscripts. The courts have decided this issue on the basis of the specific facts of each case, but emphasizing the unpublished nature of the work in denying fair use.

In 1991 the Senate passed S. 1035 to clarify that the unpublished nature of a copyrighted work does not per se preclude applicability of the fair use defense to infringement. A similar measure was deleted from H.R. 2372 when a district court ruled in favor of a biographer in Wright v. Warner Books. 7



4 For a historical analysis of the fair use factors, see William Patry, The Fair Use Privilege in Copyright Law (Washington, DC: The Bureau of National Affairs, 1985), ch. 17.

5 Williams & Wilkins Co. v. United States, 172 U.S.P.Q. 670 (Ct. Cl. 1972), 487 F.2d 1345, 180 U.S.P.Q. 49 (Ct. Cl. 1973), aff'd by an equally divided court, 420 U.S. 376, 184 U.S.P.Q. 705 (1975).

6 Patry, op. cit., footnote 4, pp. 449-450.

7 Wright v. Warner Books, 748 F. Supp. 105 (S.D.N.Y. 1990). The Second Circuit affirmed.

SOURCE: U.S. Congress, Office of Technology Assessment, Copyright and Home Copying: Technology Challenges the Law, OTA-CIT-422 (Washington, DC: U.S. Government Printing Office, October 1989) and cited sources.
same medium as computer programs, it would seem logical to treat them in the same way. However, the argument remains that digital data does not fit the definitions currently set out in section 101 of the Copyright Act, so owners have no right to make archival copies. The two points raised here become even more complicated for libraries in the case of mixed-media works in which printed material, digital data, computer programs, microfiche, and other forms might be packaged and used together.

Libraries have long participated in resource sharing, whereby several libraries cooperatively purchase material, and some libraries don't make certain purchases in the knowledge that the material can be obtained through interlibrary loan. Resource sharing practices have long been viewed as prudent use of both funds and storage space, especially for low-demand items. Interlibrary loans of collections among libraries are institutionalized by tradition and acceptable under the provisions of the Copyright Act (section 108). Interlibrary loan exchanges have increased dramatically in recent years. However, sharing of other information resources has recently come under fire from some publishers, who see them as depriving information providers of sales. Publishers protect their interests by leasing, instead of selling, materials, thus denying libraries the rights that ownership (e.g., of printed works) permits under the first-sale doctrine. Contracts with electronic information providers sometimes limit or forbid sharing or lending of materials. Libraries, particularly public ones, have an obligation to balance the interests of users and publishers, a balance that the Copyright Act is intended to maintain. The growing use of electronic information, and the tendency of information providers to control the uses of this material through contracts, may lead to distinctions between for-profit and not-for-profit libraries, in terms of their operations, cost differentials, and access.

Other issues to be resolved are policies about the use of material obtained by library patrons. Some libraries offer online information and other services such as access to electronic bulletin boards to their patrons. These libraries become an additional link in a complex of transactions. To what extent are libraries responsible if users make unauthorized copies, post copyrighted material on electronic bulletin boards, send obscene messages, or otherwise infringe copyrights, violate contracts, or break laws? These problems are not new. The photocopier eventually caused libraries to adopt a policy of providing copiers, posting a notice about the copyright law, and then leaving users unsupervised to follow their own consciences. Policies regarding digital information (what can be downloaded, number of printouts allowed, etc.) will also be developed. The development of policies for digital information may be more complex since contracts with information vendors will also be involved.

Authorship and Compilations 

Copyright attaches to "original works of authorship." Original in this case means that the work was independently created by the author and not copied from another work. The U.S. Supreme Court has defined author as "he to whom anything owes its origin; originator; maker." Because much of digital information is in the form of compilations of facts, which are not original, how much of the publisher's contribution to selection, arrangement, and organization of facts should be protected by copyright is sometimes controversial. 116



116 The U.S. Supreme Court addressed this issue in Feist Publications v. Rural Telephone Service Co., 499 U.S. 340 (1991), finding that telephone White Pages are not copyrightable, and that copying them into another compilation was not an infringement. The Court held that the proper test for copyrightability of a compilation is originality, not "sweat of the brow" or "industrious collection" as courts had previously held.
Use of Digital Information

Like print publishing, electronic publishing is about delivering works to readers and returning royalties to copyright holders. Several characteristics of digital information make the delivery system different and lead copyright owners and their publishers to want more control over the readers' uses of the information.

In using an online information service, a reader buys access to the electronic information. Once that access is permitted, the information is out of the control of the copyright owner and the publisher. For the most part, publishers have no way of knowing how the material is finally used or disposed of. For this reason, publishers consider information as used as soon as it reaches the reader and, as a result, generally require that it be paid for in advance. Schemes for digital libraries usually postulate charging for use of documents based on how much information a user has retrieved.

This means that some amount of useless information is paid for by the user. A partial remedy for this is to improve search and retrieval software and to offer means to browse through information before a reader commits to requesting a whole document. Users generally have to agree to certain limitations on their use of the information in order to gain access to the database. Copies of a work can be purchased on CD-ROM (compact disc-read only memory) or disc, but in many instances the work is leased or licensed in this form, not purchased. The first-sale doctrine does not apply in these instances; the use of the material is subject to the terms of the license agreement. Contracts may also govern the rights and responsibilities at each link of the distribution chain through which digital information comes to the end user.

Traditionally, copyright law does not give copyright owners rights to control the access that readers have to information. Copyright owners in the electronic world use contracts to impose restrictions to ensure that they are paid for every instance of access or use. Still, as a practical matter, these restrictions do not prevent unauthorized copying. Once a user has paid for one legitimate copy of something, little can be done to prevent him or her from making other copies. Digital information is easily copied and easily transmitted to many locations. These characteristics make electronic distribution an attractive publishing medium, but there is a potential for any reader to become a "publisher" of unauthorized copies.

Unauthorized Copying 

Unauthorized copying is not a problem unique to digital information, yet digital copies are unique in that, unlike photocopies and facsimiles, each copy is of the same quality as the original. Distribution is easy; the copy can be posted on a computer bulletin board or distributed to a list of users on a computer network. Scanning technology allows one to turn information on paper into digital information so that it can be changed or manipulated, and if one wants to disguise the origins or authorship of the document, format changes can be made with a few keystrokes.

Technological proposals for limiting unauthorized copying generally seem to work only within a closed system. Once a user moves an authorized copy out of the system, there seems to be no way to prevent further copying. Some writers suggest that there is no solution to the problem of unauthorized copying and that the problem is sufficiently grave that electronic publishing will never thrive as an industry because authors and publishers will not release works in digital form. However, it is possible that, as in the case of the photocopying of books or home taping of musical recordings, a viable market will persist despite the presence of unauthorized copies.

OTA Options from the 1992 Study 

In Finding a Balance, OTA offered several options to Congress to address these issues. As Congress has not revisited these fundamental copyright questions, it is worthwhile to bear these in mind when examining computer security issues surrounding networked information collections.

To deal with the issues of fair use of works in 
electronic form, OTA suggested that: 
■ Congress might clarify the fair-use guidelines in the Copyright Act with regard to lending, resource sharing, interlibrary loan, archival and preservation copying, and copying for patron use.

■ OTA further suggested that Congress might establish legislative guidance regarding fair use of works in electronic form and what constitutes copying, reading, and using. Another option would be to direct the Copyright Office, with assistance from producers and users of electronic information, to develop and disseminate practical guidelines regarding these issues.

With respect to questions raised concerning multimedia works,

■ OTA suggested that Congress clarify the status of mixed-media works with regard to their protection under copyright.

Multimedia Works and Performances over Networks

Networked information systems will contain an increasing amount of electronic information in multimedia format, causing concern in the library community with respect to copyright protection. The fact that digital storage makes all works essentially equivalent complicates the definition and treatment of digital work under the law of copyright. Current copyright law allocates particular rights according to the category to which the work belongs, including literary works, dramatic works, pictorial, graphic and sculptural works, audiovisual works, motion pictures, musical compositions, computer programs, and sound recordings. These different categories sometimes have different implications for uses and protections of the work. There is no category for a mixed-media work that combines examples from each of these categories. 117

One approach suggests that a mixed-media work should be considered to be a series of different works, with each type of work treated according to its class. However, enforcement of intellectual property rights in such a system would be complex. Another approach would be to consider the whole package as if all the works were of the same category. 118 This approach would potentially produce what could be argued to be an inequitable distribution of intellectual property royalties.

Copyright protects the writings of an author against unauthorized copying, distribution, and so forth, and protects the form of expression rather than the subject matter of the writing. It does not protect against independent creation. Copyright grants the owner the exclusive right to do the following (and to authorize others to do so):

■ reproduce copies of the copyrighted work;

■ prepare derivative works based on the copyrighted work;

■ distribute copies of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease or lending;

■ in the case of certain works (literary, musical, dramatic and choreographic works, pantomimes, and motion pictures and audiovisual works), perform the copyrighted works publicly; and

■ in the case of certain works, display the copyrighted work publicly. 119

The statute (17 U.S.C.) does, however, specify certain limitations to the copyright owner's exclusive rights. It grants to others the noninfringing use of the copyrighted works. These limitations include the fair use of the work (section 107), certain kinds of reproduction by libraries and archives (section 108), certain educational performances and displays (section 110), and certain other uses (section 117).

117 Commentators point out that only 10 percent of all copyrighted works are affected by multimedia and networking, and that while some review of the law may be necessary, what is really needed is a confluence of business and licensing practices. (Oliver Smoot, Executive Vice-President, Computer and Business Equipment Manufacturers Association, personal communication, May 1994.)

118 American Association of Law Libraries, "Copyright Consideration for the Use of Mixed Media in Libraries," discussion draft, appeared as an appendix to A-V Micrographics SIS Newsletter, vol. 11, No. 2, May 1990, and Automation, vol. 9, No. 2, winter 1990, pp. 12-23.

119 17 U.S.C. sec. 106.

The copyright law also provides a first-sale doctrine that upholds the copyright of the copyright owner during the first sale or commercial transaction of the work, but extinguishes the copyright owner's rights in subsequent sales or transactions of the purchased copy. The House Report accompanying the original (1976) legislation provided an example of the application of the first-sale doctrine:

Thus, for example, the outright sale of an authorized copy of a book frees it from any copyright control over its resale price or other conditions of its future disposition. A library that has acquired ownership of a copy is entitled to lend it under any conditions it chooses to impose. 120

Exceptions to this provision include computer programs embodied in a machine or product that cannot be copied during ordinary operation or use, or computer programs embodied in or used in conjunction with a limited-purpose computer, those designed particularly for playing video games.

The unifying issue surrounding all copyrighted works is the right to make copies for various purposes. Once a copy is sold, the loaning of physical objects, such as books or serials, is not at issue, nor is the ability of a library patron to view a book owned by a library. But when copyright law is applied beyond the realm of printed material (e.g., recordings, videotapes, and disks), it addresses not only the right to copy, but also the right to publicly display and perform works.

The issues related to traditional audiovisual materials have already been a source of problems for libraries. Early experiences with the lending of software have also raised numerous issues. 121 More important, however, may be determining to what extent the rights of public performance and display will be attributed to the viewing of electronic information of all types, ranging from the library user's browsing of bitmapped images of print pages through interaction with a digital movie driven by a program. 122

Widespread development of multimedia authoring tools will raise other issues as well. Multimedia integrates film clips, visual images, music, and sound along with other content, and most developers of multimedia are not simultaneously artists, composers, and musical performers. There may well be a demand for copyright-free (public domain) materials that can be included in multimedia works. There are a large number of ambiguous copyright questions in this regard, with limited consensus and certainty. These questions include:

■ Who owns the rights to digitize an image, including photographs, images of classic paintings, and other materials?

■ If an image or other kind of data is digitized and subsequently enhanced, is the second-generation image protected under copyright?

■ To what extent is the linkage of a series of media (e.g., images and a soundtrack) copyrightable separately from the images themselves and the soundtrack itself?

120 See U.S. Congress, House of Representatives, Committee on the Judiciary, Report to Accompany S. 22, H. Rpt. 94-1476 (Washington, DC: U.S. Government Printing Office, September 1976), p. 79.

121 Library lending of computer software was the subject of a recent Copyright Office study and report to Congress: The Computer Software Rental Amendments Act of 1990: The Nonprofit Library Lending Exemption to the Rental Right, A Report of the Acting Register of Copyrights, March 1994. Some commentators note that these issues are even more complicated with respect to multimedia works. They assert that it is unclear whether the Software Rental Act applies to multimedia. (Jeffrey Neuberger, Associate, Brown, Raysman & Millstein, personal communication, May 1994.)

122 U.S. Congress, Office of Technology Assessment, Accessibility and Integrity of Networked Information Collections — Background Paper, background paper prepared for OTA by Clifford A. Lynch, BP-TCT-109 (Washington, DC: Office of Technology Assessment, July 1993).

Some commentators believe that these rights would be best determined from a license agreement. (Oliver Smoot, Executive Vice-President, Computer and Business Equipment Manufacturers Association, personal communication, April 1994.)

■ To what extent are libraries (or other networked information providers) liable for contributing to copyright infringement in an electronic information environment? 123

■ Does the rightholder in a work hold all necessary rights to that work's components? What rights have been conveyed through already existing agreements? How are necessary rights acquired?

■ Depending on what works are incorporated, and the method by which the product is to be exploited (including manufacture, sale, and distribution), what rights are necessary to each item included in the product? 124

While these questions may be decided through the courts, most libraries do not wish to serve as test cases, and some are concerned that this attempt to limit the potential legal liability of the current uncertain copyright framework may contribute to the destruction of the interlibrary loan system by turning to a contract or licensing approach to acquiring material. 125

With respect to these types of works: 

■ Congress could allow the courts to continue to 
define the law of copyright as it is applied in 
the world of electronic information; alterna- 
tively, 

■ Congress could take specific legislative action 
to clarify and further define the law in the 
world of electronic information. 126 



■ Congress could also allow information pro- 
viders and purchasers to enter into agree- 
ments that would establish community 
guidelines without having the force of law. 127 
In so doing, Congress could decide at some 
point in the future to review the success of such 
an approach. 

I Copyright Collectives 

Collectives are a way to share the profits within an industry when tracking the use of individual elements of intellectual property is not feasible. The music industry, represented by organizations such as the American Society of Composers, Authors and Publishers (ASCAP) and Broadcast Music, Inc. (BMI), adopted such an approach to manage the copyright in musical works and share the revenue from those rights based on statistical estimates of the amount of use of each artist's work.

ASCAP assigns each performance a value de- 
pending on the type, for example, a feature or 
background performance. Each performance is 
then weighted according to the size and impor- 
tance of the logged station, time of day of pro- 
gram, and so forth, to determine the total number 
of performance credits. Quarterly, the total perfor- 
mance credits for writers as a group and for pub- 
lishers as a group are divided into the respective 
dollars of distributable revenue to yield the dollar 
value of a performance credit for each group. On 
payment, ASCAP issues a detailed statement 
showing the title of the work surveyed, the num- 



123 Lynch (ibid.), pp. 26-27. Digitization of information and creation of digital libraries raise questions central to the law of copyright itself. For example, what constitutes a copy? How much must a work be changed before it is no longer a copy? When a work has been digitally manipulated, how does one prove that it is or is not a copy? What constitutes fair use in a digital environment? These questions are beyond the scope of this inquiry, but are discussed in depth in an earlier OTA report, Finding a Balance, op. cit., footnote 113. Recent work on the appropriateness of the copyright paradigm for the information highway includes: R. Nimmer and P. Krauthaus, "Copyright in the Information Superhighway: Requiem for a Middleweight," Stanford Journal of Law and Policy (in press).

124 Jeffrey Neuberger, Associate, Brown, Raysman & Millstein, personal communication, May 1994.

125 C.A. Lynch, op. cit., footnote 122, pp. 19-28.

126 Some commentators suggest that it is inappropriate to make potentially radical changes to the copyright law to address the concerns of libraries. (Oliver Smoot, Executive Vice-President, Computer and Business Equipment Manufacturers Association, personal communication, April 1994.)

127 Some commentators express the concern that such an approach would potentially violate the antitrust laws. (Ibid.) 
ber of performance credits earned, and the media on which the performance appeared.

ASCAP has two systems of payments for its 
writers: the current performance plan distributes 
the writer's share of the money on the basis of his 
or her performance over the past four quarters. 
New writer members are initially paid on the cur- 
rent performance plan, with the option of switch- 
ing to the four-fund basis after three full survey 
years. The four-fund system is a deferred payment 
plan based partly on current performance, but 
mostly on an average of performances over a peri- 
od of five or 10 years.

Distribution of royalties to publishers is deter- 
mined on a current performance basis only, in 
which the publisher is paid on account for the first 
three quarters, with adjustments made in the 
fourth quarter. 

BMI affiliates are paid according to a published 
royalty payment schedule, which distinguishes 
between radio and television performances and 
between feature, theme, and background musical 
performances. A performance index is calculated for each performance, based on the number of times it is played on radio and television stations and the total revenue earned and paid to the affiliates. BMI's royalty payment schedule allows for
bonus credits based on the number of times a work 
is played on the radio or television. Bonus credits 
are calculated on a song-by-song basis. 

Management and protection of copyright in the 
context of digital libraries and the National In- 
formation Infrastructure face similar challenges to 
those confronted by the music industry. OTA sug- 
gests that private efforts to form clearing and roy- 
alty collection agencies for groups of copyright 
owners be encouraged or that Congress create 
such groups. Collectives similar to ASCAP and 
BMI are contemplated by some for administering 
copyright in digital information; private-sector in- 
formation providers are particularly concerned 
that these collectives remain a private-sector ini- 
tiative. 

The Copyright Clearance Center, Inc. (CCC) 
has attempted to resolve some of these issues with 
respect to electronic conversion, storage, and dis- 



tribution of full-text copyrighted material. The 
CCC is an organization of publishers, authors, and 
users formed at the suggestion of Congress to fa- 
cilitate compliance with reprographic rights as de- 
fined in the 1976 Copyright Act. Since 1988, CCC has instituted pilot electronic licensing studies in several areas, among them telecommunications.
CCC recognizes the need to address the possibili- 
ties for altering the integrity of the information or 
disseminating it widely without authority, and is 
investigating the role of encryption, validation, 
access and manipulation restrictions, and usage 
monitoring. 

Several services already provided by CCC 
might serve as models or guides for treatment of 
copyright in electronic texts. The Transactional 
Reporting Service provides users — document sup- 
pliers, academic institutions, government agen- 
cies, law firms, medical centers, small corpora- 
tions, and individuals — with the immediate authorization to make photocopies from 1.5 million publications from more than 8,500 publishers worldwide. A record of photocopying activity is
reported to CCC, which provides a printed or CD- 
ROM catalog of all CCC-registered titles and their 
individual royalty fees. Copies are reported 
monthly, and CCC collects royalties and distrib- 
utes fees to the rightholders. 

CCC also provides the Annual Authorization 
Service, a mechanism for facilitating copyright 
compliance. By paying a single annual fee, licens- 
ees are authorized to photocopy excerpts (for in- 
ternal distribution) from 1.5 million journals, 
books, magazines, and newsletters from 8,500 do- 
mestic and foreign publishers. Licensees elimi- 
nate the need to seek individual permissions from 
publishers, as well as the need for tracking, report-
ing, and paying fees for individual copying acts. 
The annual fee is determined by a statistical proc- 
ess that combines fees set by the rightholder with 
data derived from surveys of actual copying be- 
havior by categorized employee populations. 

In contrast to these licensing approaches to ad- 
ministering copyright, others believe that the 
tracking and monitoring capabilities of the com- 
puters and networks comprising the digital library 



allow creation of an environment that operates
strictly on a fee-for-use basis. 128 The Corporation 
for National Research Initiatives (CNRI) has pro- 
posed a test bed for an electronic copyright man- 
agement system. The proposed system would 
include four major elements: automated copyright 
recording and registration, automated online 
clearance of rights, private electronic mail, and 
digital signatures to provide security. It would in- 
clude three subsystems: a registration and record- 
ing system (RRS), a digital library system, and a 
rights management system (RMS). The RRS 
would provide the functions enumerated above 
and would be operated by the Library of Congress. 
It would provide "change of title" information. 
The RMS would be an interactive distributed sys- 
tem capable of granting rights online and permit- 
ting the use of copyrighted material in the digital 
library system. The test-bed architecture would 
involve computers connected to the Internet per- 
forming the RRS and RMS functions. Digital sig- 
natures would link an electronic bibliographic 
record (EBR) with the contents of the work, ensur- 
ing against alteration after deposit. Multiple RMS 
servers would be attached to the Internet. A user 
wishing to obtain rights to an electronically pub- 
lished work would interact electronically with the 
appropriate RMS. When copyright ownership is 
transferred, a message could be sent from the 
RMS to the RRS, creating an electronic market- 
place for copyrighted material. The EBR sub- 



mitted with a new work would identify the right-
holder and any terms and conditions on the use of 
the document or a pointer to a designated contact 
for rights and permission. The CNRI test-bed pro- 
posal envisions the use of public key encryption 
to ensure the integrity of digital signatures and to 
ensure the authenticity of information. 129 The 
Copyright Clearance Center is attempting to de- 
velop a scheme for determining rights and permis- 
sion for use online. Other private-sector groups 
have also been involved in this effort. 130 
With respect to rights and royalties: 

■ Congress may wish to encourage private ef- 
forts to form clearing and royalty collection 
agencies for groups of copyright owners; al- 
ternatively, 

■ Congress might allow private-sector develop- 
ment of network tracking and monitoring ca- 
pabilities to support a fee-for-use basis of 
copyrighted works in electronic form. Con- 
gress could also choose to review whether such 
an approach is a workable one, both from the 
standpoint of technological capabilities and 
copyright protection (e.g., Does such an ap- 
proach serve the fair-use exception? Can net- 
work technologies effectively address this 
question?). This might be accomplished by 
conducting oversight hearings, undertaking a 
staff analysis, and/or requesting a study from 
the Copyright Office. 



128 One set of requirements for protective services for dissemination of copyrighted materials that has been proposed includes a mechanism for authentication, implementation of means to limit redistribution, protection against plagiarism and change, storage and exchange of information in standardized but device-independent forms, and means for appropriate remuneration. R.J. Linn, "Copyright and Information Services in the Context of the National Research and Education Network," IMA Intellectual Property Protection Proceedings, vol. 1, Issue 1, p. 9.

129 H. Perritt, "Permissions Headers and Contract Law," IMA Intellectual Property Protection Proceedings, vol. 1, Issue 1, pp. 29-32.

130 Among these initiatives are efforts on the part of the Corporation for National Research Initiatives and the Interactive Multimedia Association, Project Xanadu, Coalition for Networked Information, and TULIP (The University Licensing Program).
The federal government faces fundamental tension be-
tween two important policy objectives: 1) fostering the 
development and widespread use of cost-effective in- 
formation safeguards, and 2) controlling the proliferation 
of safeguard technologies that can impair U.S. signals-intelli- 
gence and law-enforcement capabilities. This tension runs 
throughout the government's activities as a developer, user, and 
regulator of safeguard technologies. The first section of this chap- 
ter introduces this tension as it concerns the proliferation of cryp- 
tography that could impair U.S. signals intelligence and law 
enforcement, and the resulting struggle to control cryptography 
through federal standards and export controls (see box 4-1).

The chapter then discusses the effects of governmental con- 
cerns about cryptography on the availability and use of safe- 
guards in the private and public sectors. Government agencies 
differ from most of the private sector in that the impact of nation- 
al-security concerns on agencies' operational choices is more direct. 1 Agencies must operate according to information-security
statutes, executive orders, regulations, policies, guidelines, and 



1 Federal policy for communication security has traditionally been dominated by na- 
tional security interests. With the convergence of computer and communication technolo- 
gies, national security concerns have continued to play a major role in information securi- 
ty and the Department of Defense (DOD) and the National Security Agency (NSA) have
continued to play the major role in technology and policy development. For an overview 
of previous federal policy attempts to balance national-security and other interests (em- 
bodied in the respective roles of the Departments of Defense and Commerce in develop- 
ing safeguard standards for civilian agencies), see U.S. Congress, Office of Technology
Assessment. Defending Secrets, Sharing Data: New Locks and Keys for Electronic In- 
formation, OTA-CIT-310 (Washington. DC: U.S. Government Printing Office. October 
1987). especially ch. 4 and ch. 6. 
BOX 4-1: What Is Cryptography?



During the long history of paper-based "information systems" for commerce and communication, a number of safeguards were developed to ensure the confidentiality (i.e., secrecy of the contents), integrity 1 (i.e., without transmission errors or unauthorized changes), and authenticity (i.e., coming from the stated source and not forged) of documents and messages. These traditional safeguards included secret codebooks and passwords, physical "seals" to authenticate signatures, and auditable bookkeeping procedures. Mathematical analogues of these are implemented in the electronic environment. The most powerful of these are based on cryptography. (See "A Note on Terminology," below.)

The recorded history of cryptography is more than 4,000 years old. Manual encryption methods us- 
ing codebooks, letter and number substitutions, and transpositions have been used for hundreds of 
years— for example, the Library of Congress has letters from Thomas Jefferson to James Madison con- 
taining encrypted passages. Modern, computer-based cryptography and cryptanalysis began in the 
World War II era, with the successful Allied computational efforts to break the ciphers generated by the 
German Enigma machines, and with the British Colossus computing machines used to analyze a cru- 
cial cipher used in the most sensitive German teletype messages. 2 

In the post-WWII era, the premier locus of U.S. cryptographic research and (especially) research in cryptanalysis has been the Department of Defense's National Security Agency (NSA). 3 NSA's preemi-
nent position results from its extensive role in U.S. signals intelligence and in securing classified com- 
munications, and the resulting need to understand cryptography as a tool to protect information and as 
a tool used by adversaries. 

Cryptography provides confidentiality through encoding, in which an arbitrary table is used to trans- 
late the text or message into its coded form, or through encipherment , in which an encryption algorithm 
and key are used to transform the original plaintext into the encrypted ciphertext. The original text or 
message is recovered from the encrypted message through the inverse operation of decryption, i.e., decoding or deciphering the encrypted message. Cryptanalysis is the study and development of various "codebreaking" methods to deduce the contents of the original plaintext message. The strength of an encryption algorithm is a function of the number of steps, storage, and time required to break the cipher and read any encrypted message without prior knowledge of the key. Mathematical advances, advances in cryptanalysis, and advances in computing can all reduce the security afforded by a cryptosystem that was previously considered "unbreakable" in practice.



1 Robert Courtney and Willis Ware have proposed a somewhat different definition of integrity, in terms of "having quality meet a priori expectations." (Willis Ware, personal communication, Apr. 29, 1994; Computers & Security, forthcoming, 1994.)

2 See Glenn Zorpette, "Breaking the Enemy's Code," IEEE Spectrum, September 1987, pp. 47-51. More generally, see David Kahn, The Codebreakers (New York, NY: Macmillan, 1967).

3 For national-security reasons, NSA has a history of efforts to control independent cryptographic research and publication. Academic and commercial resistance to NSA's controls increased through the 1970s and 1980s, and sophisticated cryptography of nongovernmental origin began to be offered commercially in the 1980s. Notable among these are public-key cryptosystems that can be used for confidentiality, authentication, and digital signatures.

(continued) 



standards that have been established within the 
framework of national-security concerns. Regard- 
ing safeguards based on cryptography, national- 
security concerns shape the standards available to 
agencies for use in safeguarding unclassified in- 



formation. Therefore, these concerns also affect 
civilian agencies that are usually not thought of in 
conjunction with "national security." The ability
of corporations — as well as government agen- 
cies — to appropriately safeguard their infor- 
BOX 4-1: What Is Cryptography? (continued)



The strength of a modern encryption scheme is determined by the algorithm itself and the length of the key. For a given algorithm, strength increases with key size. However, key size alone is not a valid means of comparing the strength of two different encryption systems. Differences in the properties of the algorithms may mean that a system using a shorter key is stronger overall than one using a longer key.
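
Both halves of that paragraph can be measured rather than asserted. The block below is an added example written for this page, not code from the OTA report: it counts the trials an exhaustive key search needs against a toy cipher as the key grows by a bit at a time, and then breaks a second toy cipher with a longer (24-bit) key in one step using a known plaintext. The two ciphers, the known header, and the sample messages are constructed for the illustration and are not any standard algorithm.

```python
"""Added example (not from the OTA report): (1) the cost of exhaustive key
search doubles with every key bit; (2) key length alone does not rank two
different ciphers. Both ciphers are toy constructions assumed for this demo:
one derives its keystream from SHA-256(key || counter), so the only attack
shown is trying every key; the other is a 24-bit repeating-key XOR that a
single known plaintext defeats despite its longer key. Standard library only."""
import hashlib


def keystream_cipher(key, data):
    """Toy keyed stream cipher; encryption and decryption are the same XOR."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def repeating_xor(key, data):
    """Toy cipher: XOR with a short key repeated over the message."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Constructed known plaintext: a fixed header such as a protocol banner.
KNOWN_HEADER = b"BEGIN MESSAGE: "


def exhaustive_search(ciphertext, key_bits, known=KNOWN_HEADER):
    """Try every key_bits-bit key; return (key, trials) or (None, trials)."""
    nbytes = (key_bits + 7) // 8
    for k in range(1 << key_bits):
        key = k.to_bytes(nbytes, "big")
        if keystream_cipher(key, ciphertext)[:len(known)] == known:
            return key, k + 1
    return None, 1 << key_bits


def search_cost(key_bits):
    """Encrypt under the key in the middle of the key space and count the
    trials needed to recover it: about 2**(key_bits - 1), doubling per bit."""
    nbytes = (key_bits + 7) // 8
    secret = (1 << (key_bits - 1)).to_bytes(nbytes, "big")
    ct = keystream_cipher(secret, KNOWN_HEADER + b"the quick brown fox")
    found, trials = exhaustive_search(ct, key_bits)
    assert found == secret
    return trials


def break_repeating_xor(ciphertext, known=KNOWN_HEADER, key_len=3):
    """Known-plaintext attack: ciphertext XOR plaintext yields the key at once,
    so the 24-bit key buys nothing against anyone who knows the header."""
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known[:key_len]))


if __name__ == "__main__":
    for bits in (8, 12, 16):
        print(f"{bits:2d}-bit key: {search_cost(bits)} trials")
    secret = b"\x13\x37\x42"
    ct = repeating_xor(secret, KNOWN_HEADER + b"meet at noon")
    print("24-bit repeating-XOR key recovered:", break_repeating_xor(ct) == secret)
```

The first loop prints 129, 2049 and 32769 trials for 8-, 12- and 16-bit keys; the second shows the 24-bit repeating-XOR key recovered in a single XOR. Run the same search with a few more bits to see why the text warns that advances in computing erode a cipher whose only defence is key length.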

Applications of cryptography have evolved along with cryptographic techniques. Cryptography was 
originally used to protect the confidentiality of communications; encryption is now also used to protect 
the confidentiality of information stored in electronic form and to protect the integrity and authenticity of 
both transmitted and stored information. 4 With the advent of "public-key" techniques, cryptography 
came into use for "digital signatures" that are of widespread interest as a means for electronically au- 
thenticating and signing commercial transactions like purchase orders, tax returns, and funds transfers, 
as well as ensuring that unauthorized changes or errors are detected. (See below and also discussion 
of electronic commerce in chapter 3.) Thus, cryptography in its modern setting is a technology of broad 
application. 

Key management is fundamental and crucial to the security afforded by any cryptography-based 
safeguard. Key management includes generation of the encryption key or keys, as well as their storage, 
distribution, cataloging, and eventual destruction. If secret keys are not closely held, the result is the same as if a physical key is left "lying around" to be stolen or duplicated without the owner's knowledge. Similarly, poorly chosen keys may offer no more security than a lock that can be opened with a hairpin.
Changing keys frequently can limit the amount of information or the number of transactions compro- 
mised due to unauthorized access to a given key. Thus, a well-thought-out and secure key-manage- 
ment infrastructure is necessary for effective use of encryption-based safeguards in network environ- 
ments. (See discussion of key infrastructures in chapter 2.) 

A Note on Terminology 5 

Cryptography, a field of applied mathematics/computer science, is the technique of concealing the 
contents of a message by a code or a cipher. A code uses an arbitrary table (codebook) to translate 
from the message to its coded form; a cipher applies an algorithm to the message. 

Cryptographic algorithms— specific techniques for transforming the original input into a form that is 
unintelligible without special knowledge of some secret (closely held) information— are used to encrypt 
and decrypt messages, data, or other text. The encrypted text is often referred to as ciphertext; the original or decrypted text is often referred to as plaintext or cleartext. In modern cryptography, the secret information is the cryptographic key that "unlocks" the ciphertext and reveals the plaintext.

The encryption algorithms and key or keys are implemented in a cryptosystem. The key used to decrypt can be the same as the one used to encrypt the original plaintext, or the encryption and decryption keys can be different (but mathematically related). One key is used for both encryption and decryption in symmetric, or "conventional," cryptosystems; in asymmetric, or "public-key," cryptosystems, the encryption and decryption keys are different and one of them can be made public.



4 Integrity and authenticity are both aspects of a cryptographic safeguard technique called "authentication" or "message authentication." (See box 4-4 on digital signatures.)

5 For a glossary, see D.W. Davies and W.L. Price, Security for Computer Networks, 2nd ed. (New York, NY: John Wiley & Sons, 1992).

SOURCE: Office of Technology Assessment, 1994, and cited sources.
(Photo: German Enigma cipher machines used during World War II.)

mation also furthers national security, 2 but 
(except for government contractors) corporations'
technology choices are usually less directly re- 
lated to the national-security objectives of the 
government. 3 

Next, the chapter reviews the policy framework 
within which federal agencies carry out their in- 
formation security and privacy activities. (Privacy 



issues and the Privacy Act of 1974 were discussed
in chapter 3.) Special attention is given to the 
Computer Security Act of 1987 (Public Law 
100-235) and the responsibilities of the National 
Institute of Standards and Technology (NIST) and 
the National Security Agency (NSA) according to 
the Computer Security Act. These are important 
in understanding issues related to the develop- 



2 See, e.g., U.S. Congress, House of Representatives, Subcommittee on Economic and Commercial Law, Committee on the Judiciary, The Threat of Foreign Economic Espionage to U.S. Corporations, hearings, 102d Cong., 2d sess., Apr. 29 and May 7, 1992, Serial No. 65 (Washington, DC: U.S. Government Printing Office, 1992).

3 Federal Information Processing Standards (FIPS) usually apply to agencies and their contractors. Sometimes they are incorporated into voluntary industry and/or international standards, in which case they do help shape technology choices in the private sector.
ment and use of federal safeguard standards and
guidelines. Some of these Federal Information 
Processing Standards (FIPS) have been incorpo- 
rated in industry and international standards. 

The chapter looks at two major mechanisms the 
government uses to control cryptography: export 
controls and standards setting. The current activi- 
ties of NIST and NSA regarding information safe-
guards and standards are reviewed. Two recent 
FIPS, the Digital Signature Standard (DSS) and 
the Escrowed Encryption Standard (EES), are ex- 
amined in terms of a long-term government strate- 
gy to control the availability and use of 
information safeguards based on cryptography. 

The final section of this chapter presents policy 
options for congressional consideration. These in- 
clude near-term options related to cryptography 
policy (including export controls and federal stan- 
dards based on cryptography), as well as strategic 
options for a broad congressional review of na- 
tional cryptography policy. 

IMPORTANCE OF CRYPTOGRAPHY 

The tension between promoting and controlling 
the widespread use of safeguards has existed for 
decades, but changes in the international arena, in 
technology, and in the needs of user communities 
(e.g., as in the Internet) are bringing it to the fore- 
front of public attention. 4 This tension is mani- 
fested in export controls on a fundamental tech- 
nology for safeguarding information — cryptogra- 
phy — and in the federal government's process for 
developing and promulgating cryptography- 
based standards for use in safeguarding unclassi- 
fied information. 



From the end of World War I through the 
mid-1970s, the federal government was almost 
the sole source of technology and know-how for 
safeguards that used cryptography to ensure in- 
formation confidentiality. This monopoly has 
been eroding, however. Good encryption technol- 
ogy is available commercially in the United States 
and abroad, and cryptography research is interna- 
tional. These developments have raised questions — especially from software developers — as to whether existing policies concerning the sale and export of encryption products are outdated and should be modified, or whether continued restrictions are still required to meet national-security and signals-intelligence objectives. 5 These topics are discussed later in this chapter, with a focus on government operations and attempts to balance national-security and other objectives, like
personal rights, open government, and market 
competitiveness; their impact on the safeguards 
marketplace in general is discussed in chapter 2. 

Policy debate in this area used to be almost as 
arcane as the technology itself. Most people didn't 
regard government decisions about cryptography 
as having direct effect on their lives. However, the 
technology of daily life is changing, making elec- 
tronic transactions and records central to every- 
thing from commerce to health care. Thus, 
concern over the implications of privacy and secu- 
rity policies dominated by national-security ob- 
jectives has grown dramatically in business and 
academic communities that produce or use in- 
formation safeguards, as well as among the gener- 
al public (see chapter 3). 6 This concern is 
evidenced in the debates over the government's 



4 For example, good safeguards are needed to protect U.S. information from foreign intelligence, but the same safeguards might be used 
to protect foreign communications from U.S. intelligence. A similar argument can be made from a law-enforcement perspective. 

5 Commercial security products containing robust cryptography that can be used for confidentiality — i.e., that can do strong encryption — are subject to strict export controls and usually cannot be exported, except for limited applications like banking. Thus, when international interoperability is desired, export controls form a barrier to use of many U.S.-origin encryption products (including software products) in security systems. However, the same technologies are often readily available outside the United States. See discussion of export controls later in this chapter.

6 See Susan Landau et al., Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy, report of a special panel of the ACM U.S. Public Policy Committee (New York, NY: Association for Computing Machinery, June 1994).
Escrowed Encryption Standard, colloquially referred to as Clipper or the Clipper chip. The EES is intended for use in safeguarding voice, facsimile, or computer data communicated in a telephone system 7 (see box 4-2).

Previously, control of the availability and use 
of cryptography was presented as a national-secu- 
rity issue focused outward, with the intention of 
maintaining a U.S. technological lead, compared 
with other countries. Now, with an increasing do- 
mestic policy focus on crime and terrorism, the 
availability and use of cryptography has also 
come into prominence as a domestic-security, 
law-enforcement issue. More widespread foreign 
use of cryptography — including use by terrorists 
and developing countries — makes U.S. signals 
intelligence more difficult. Within the United 
States, cryptography is increasingly being por- 
trayed as a threat to domestic security (public safe- 
ty) and a barrier to law enforcement if it is readily 
available for use by terrorists or criminals. 8 There 
is also growing recognition of the potential mis- 
uses of cryptography, such as by disgruntled em- 



ployees as a means to sabotage an employer's 
databases. 9 

In May 1994 testimony before the Subcommit-
tee on Technology, Environment, and Aviation of 
the House Committee on Science, Space, and 
Technology, James Kallstrom of the Federal Bu- 
reau of Investigation (FBI) noted: 

[The Omnibus Crime Control and Safe 
Streets Act of 1968] permits electronic surveil- 
lance only for serious felony offenses and only 
when other investigative techniques will not 
work or are too dangerous. Since 1968, law en- 
forcement has used this crime-solving and 
crime-preventing technique very effectively 
and judiciously to protect our people. In a ten- 
year period ending in 1992, more than 22,000 
convictions have resulted from court-authorized 
surveillances. 10 

... the use of excellent cryptographic prod- 
ucts by the myriad array of criminals and terro- 
rists poses an extremely serious threat to the 
public safety and national security. 



7 The Clipper chip is designed for use in telephone systems; it contains the EES encryption algorithm, called SKIPJACK. The Capstone chip and TESSERA PCMCIA card also contain the SKIPJACK algorithm; these implementations are for use in data communications. (Clinton Brooks, Special Assistant to the Director, NSA, personal communication, May 25, 1994.)

The Clipper chip is being used in the AT&T Surity Telephone Device 3600, which has a retail price of about $1,100. It has been approved for government use for unclassified voice encryption. The Department of Justice purchased 9,000 of them. AT&T sells another version of the Surity 3600, using a proprietary AT&T encryption algorithm, for about the same price. (Brad Bass, "AT&T Unveils First Clipper Device on GSA Schedule," Federal Computer Week, May 9, 1994, pp. 24, 29.)

8 For example, high-quality voice encryptors are becoming available at low cost. For recent exposition of law-enforcement and national-security concerns with respect to cryptography and the rationale for the EES, see Jo Ann Harris, Assistant Attorney General, Criminal Division, U.S. Department of Justice, testimony presented before the Subcommittee on Technology and the Law, Committee on the Judiciary, U.S. Senate, May 3, 1994; Vice Adm. J.M. McConnell, Director, National Security Agency, testimony presented before the Subcommittee on Technology and the Law, Committee on the Judiciary, U.S. Senate, May 3, 1994; and James K. Kallstrom, Special Agent in Charge, Special Operations Division, New York Field Division, Federal Bureau of Investigation, testimony presented before the Subcommittee on Technology, Environment and Aviation, Committee on Science, Space and Technology, U.S. House of Representatives, May 3, 1994.

See also Landau et al., op. cit., footnote 6; and Dorothy E. Denning, "The U.S. Key Escrow Encryption Technology," in Computer Communications (Oxford, UK: Butterworth-Heinemann Ltd., in press). But see David Banisar, "Roadblocks on the Information Superhighway: Governmental Intrusions on Privacy and Security," Federal Bar News and Journal, in press.

9 See Donn B. Parker, Senior Management Consultant, SRI International, "Crypto and Avoidance of Business Information Anarchy," 
September 1993 (obtained from the author). Parker describes problems that could occur in organizations if cryptography is used without adequate 
key management and override capabilities by responsible corporate officers. These problems include keys being held for ransom by disgruntled 
employees, data being rendered inaccessible after being encrypted by employees who then leave to start their own company, and so forth. 

10 Kallstrom testimony, op. cit., footnote 8, p. 3. Kallstrom noted that in 1992 the total number of criminal wiretap orders obtained by all 
federal, state, and local law-enforcement agencies was 919; about two-thirds of these were for serious state and local felonies. 
BOX 4-2: What Is the EES? 



The federal Escrowed Encryption Standard (EES) was approved by the Department of Commerce 
as a Federal Information Processing Standard (FIPS) in February 1994. 1 According to the standard 
(see FIPS Publication 185), the EES is intended for voluntary use by all federal departments and agen- 
cies and their contractors to protect unclassified information. Implementations of the EES are subject to 
State Department export controls. However, encryption products based on EES may be exported to 
most end users, and these products will qualify for special licensing arrangements. 2 

The EES is intended to encrypt voice, facsimile, and computer data communicated in a telephone 
system. It may, on a voluntary basis, be used to replace DES encryption devices now in use by federal 
agencies and contractors. Other use by the private sector is voluntary. The EES specifies a symmetric 
encryption algorithm, called SKIPJACK. The SKIPJACK algorithm is a classified algorithm, developed 
by NSA in the 1980s. 3 An early implementation was called Clipper, hence the colloquial use of Clipper 
or Clipper chip to describe the EES technology. 4 

The EES also specifies a method to create a Law Enforcement Access Field (LEAF), in order to pro- 
vide for easy decryption when the equivalent of a wiretap has been authorized. 5 The SKIPJACK algo- 
rithm and LEAF creation method are implemented only in electronic devices (i.e., very-large-scale-in- 
tegration chips). The chips are "highly resistant" to reverse engineering and will be embedded in tam- 
per-resistant cryptographic modules that approved manufacturers can incorporate in telecommunica- 
tions or computer equipment. The chips are manufactured by VLSI Logic and are programmed with the 
algorithms and keys by Mykotronx. The programming is done under the supervision of the two "escrow 
agents" (see below). 

After electronic surveillance has been authorized, the EES facilitates law enforcement access to en- 
crypted communications. This is accomplished through what is called a "key escrowing" scheme. 
Each EES chip has a chip-specific key that is split into two parts after being programmed into the 
chips. These parts can be recombined to gain access to encrypted communications. One part is held 



1 See Federal Register, vol. 59, Feb. 9, 1994, pp. 5997-6005. FIPS Publication 185 ("Escrowed Encryption Standard," 1994) de- 
scribes the applicability, implementation, and maintenance of the standard, as well as specifications for its use. Unlike the DES algo- 
rithm, the EES algorithm is classified and not publicly available for inspection. 

2 Martha Harris, Deputy Assistant Secretary of State for Political-Military Affairs, "Statement on Encryption— Export Control Re- 
form," Feb. 4, 1994. 

3 The NSA specification for SKIPJACK is contained in "SKIPJACK, R21-TECH-044-01," May 21, 1991; this technical report is 
classified at the Secret level. The NSA specifications for the LEAF creation method are contained in "Law Enforcement Access Field 
for the Key Escrow Microcircuit," also classified at the Secret level. Organizations holding an appropriate security clearance and 
entering into a Memorandum of Agreement with NSA regarding implementation of the standard can have access to these. (OTA proj- 
ect staff did not access these, or any other classified information, in the course of this study.) 

4 The Clipper chip implementation of SKIPJACK is for use in secure telephone communications. An enhanced escrowed-encryp- 
tion chip with more functions, called Capstone, is used in data communications. 

5 See Jo Ann Harris, Assistant Attorney General, Criminal Division, Department of Justice, testimony before the Subcommittee on 
Technology and the Law, Committee on the Judiciary, U.S. Senate, May 3, 1994, and James K. Kallstrom, Special Agent in Charge, 
Special Operations Division, Federal Bureau of Investigation, testimony before the Subcommittee on Technology, Environment, and 
Aviation, Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 1994. For a discussion of law en- 
forcement concerns and the rationale for government key escrowing, see also Dorothy E. Denning, "The Clipper Encryption System," 
American Scientist, vol. 81, July-August 1993, pp. 319-322, and "Encryption and Law Enforcement," Feb. 21, 1994, available from 
denning@cs.georgetown.edu. 

(continued) 
BOX 4-2 (cont'd.): What Is the EES? 



by each of two designated government keyholders, or "escrow agents." When surveillance has been 
authorized and the intercepted communications are found to be encrypted using the EES, law enforce- 
ment agencies can obtain the two parts of the escrowed key from the escrow agents. These parts can 
then be used to obtain the individual keys used to encrypt (and, thus, to decrypt) the telecommunica- 
tions sessions of interest. 6 The LEAF is transmitted along with the encrypted message; it contains a 
device identifier that indicates which escrowed keys are needed. (A more technical description of how 
the EES is said to work is in chapter 2.) 
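The two-part escrow described above, as a constructed model added here (it is not the EES specification, whose LEAF format and SKIPJACK algorithm are classified): the chip's unit key is split into two XOR shares held by separate agents, the LEAF carries the device identifier plus the session key wrapped under the unit key, and only the recombined shares open it. The XOR split, the HMAC-SHA256 keystream standing in for SKIPJACK, and the field layout are assumptions of this example.

```python
import hashlib
import hmac
import os

KEY_BYTES = 10  # 80-bit keys, the EES key size quoted in the box


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_unit_key(unit_key):
    """Split a chip-specific unit key into two escrow components (2-of-2 XOR sharing).
    Either share alone is uniformly random and reveals nothing about the key; both are
    needed to recombine. (Assumed split method for this example, not the EES's own.)"""
    share_a = os.urandom(len(unit_key))
    share_b = xor_bytes(unit_key, share_a)
    return share_a, share_b


def recombine(share_a, share_b):
    return xor_bytes(share_a, share_b)


def keystream(key, label, length):
    """Toy counter-mode keystream from HMAC-SHA256: a stand-in for the classified
    SKIPJACK cipher so that the example runs with the standard library only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def stream_xor(key, label, data):
    return xor_bytes(data, keystream(key, label, len(data)))


def make_leaf(device_id, unit_key, session_key):
    """Model LEAF: a 4-byte device identifier (tells law enforcement which escrowed
    components to request) followed by the session key wrapped under the unit key."""
    return device_id.to_bytes(4, "big") + stream_xor(unit_key, b"leaf", session_key)


def encrypt_session(session_key, leaf, plaintext):
    """The LEAF travels with the ciphertext; the traffic itself is keyed by the session key."""
    return leaf + stream_xor(session_key, b"traffic", plaintext)


def open_with_escrow(transmission, escrow_agent_a, escrow_agent_b):
    """Authorized access: read the device id from the LEAF, obtain one share from each
    agent, recombine the unit key, unwrap the session key and decrypt the traffic."""
    device_id = int.from_bytes(transmission[:4], "big")
    wrapped = transmission[4:4 + KEY_BYTES]
    unit_key = recombine(escrow_agent_a[device_id], escrow_agent_b[device_id])
    session_key = stream_xor(unit_key, b"leaf", wrapped)
    return stream_xor(session_key, b"traffic", transmission[4 + KEY_BYTES:])


def escrow_demo(plaintext=b"constructed sample call content"):
    """Program one chip (device id 0x2A), escrow its shares, run one session and
    recover it with both shares; also show that one share alone does not work."""
    device_id, unit_key = 0x2A, os.urandom(KEY_BYTES)
    share_a, share_b = split_unit_key(unit_key)
    agent_a, agent_b = {device_id: share_a}, {device_id: share_b}  # two separate keyholders
    session_key = os.urandom(KEY_BYTES)
    leaf = make_leaf(device_id, unit_key, session_key)
    transmission = encrypt_session(session_key, leaf, plaintext)
    recovered = open_with_escrow(transmission, agent_a, agent_b)
    # one agent acting alone (pairing its share with an all-zero share) gets the wrong unit key
    alone = open_with_escrow(transmission, agent_a, {device_id: bytes(KEY_BYTES)})
    return recovered, alone
```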

The National Security Council, Justice Department, Commerce Department, and other federal agen- 
cies were involved in the decision to propose the EES, according to a White House press release and 
information packet dated April 16, 1993, the day the EES initiative was announced. The EES algorithm 
is said to be stronger than the Data Encryption Standard (DES) algorithm, but able to meet the legiti- 
mate needs of law enforcement agencies to protect against terrorists, drug dealers, and organized 
crime. 7 

Attorney General Reno designated the National Institute of Standards and Technology and the Trea- 
sury Department's Automated Systems Division as the original escrow agents. NIST's first estimate of 
the costs of establishing the escrow system was about $14 million, with estimated annual operating 
costs of $16 million. Cost figures and escrowing procedures are being refined by the Clinton Adminis- 
tration. NIST did not provide the OTA with more precise estimates of the resources, including staff, re- 
quired to implement and manage key escrowing. 

The proposed FIPS was announced in the Federal Register on July 30, 1993 and was also sent to 
federal agencies for review. The EES was promulgated after a comment period that generated almost 
universally negative comments. According to NIST, comments were received from 22 government orga- 
nizations in the United States, 22 industry organizations, and 276 individuals. Concerns and questions 
reported by NIST include the algorithm itself and lack of public inspection and testing, the role of NSA 
in promulgating the standard, use of key escrowing, possible infringement of individual rights, effects of 
the standard on U.S. firms' competitiveness in foreign markets, cost of establishing the escrowing sys- 
tem, and cost-effectiveness of the new standard. 8 

During the review period, the SKIPJACK algorithm was evaluated by outside experts, pursuant to 
President Clinton's direction that "respected experts from outside the government will be offered access 
to the confidential details of the algorithm to assess its capabilities and publicly report their findings." 
Five reviewers accepted NIST's invitation to participate in a classified review of SKIPJACK and publicly 
report their findings: Ernest Brickell (Sandia National Laboratories), Dorothy Denning (Georgetown Uni- 
versity), Stephen Kent (Bolt Beranek and Newman, Inc.), David Maher (AT&T), and Walter Tuchman 



6 Requirements for federal and state law-enforcement agents to certify that electronic surveillance has been authorized, and for 
what period of time, as well as requirements for authorized use of escrowed key components, are explained in Department of Justice, 
"Authorization Procedures for Release of Encryption Key Components in Conjunction with Intercepts Pursuant to Title III," "Author- 
ization Procedures for Release of Encryption Key Components in Conjunction with Intercepts Pursuant to State Statutes," and "Au- 
thorization Procedures for Release of Encryption Key Components in Conjunction with Intercepts Pursuant to FISA," Feb. 4, 1994. 

7 Because the EES algorithm is classified, the overall strength of the EES cannot be examined except under security clearance 
(see note 9 below). Thus, unclassified, public analyses of its strengths and weaknesses are not possible. 

The only public statements made by the Administration concerning the strength of the EES relative to the DES refer to the secret 
key size: 80 bits for the EES versus 56 bits for the DES. Longer keys offer more protection from exhaustive-search attacks (see box 
4-3), but the overall strength of a cryptosystem is a function of both key size and the algorithm itself. 

8 Federal Register (Feb. 9, 1994), op. cit., footnote 1, pp. 5998-6002. 
BOX 4-2 (cont'd.): What Is the EES? 



(Amperif Corp.). Their interim report on the algorithm itself found that: 1) there is no significant risk 
that SKIPJACK will be broken by exhaustive search in the next 30 to 40 years; 2) there is no significant 
risk that SKIPJACK can be broken through a shortcut method of attack; and 3) while the internal struc- 
ture of SKIPJACK must be classified in order to protect law-enforcement and national-security objec- 
tives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the 
algorithm. 9 The reviewers will issue a final report on broader system issues in implementing SKIPJACK. 

Based on its review of the public comments, NIST recommended that the Secretary of Commerce 
issue the EES as a Federal Information Processing Standard. 10 NIST noted that almost all of the com- 
ments received during the review period were negative, but concluded that, "many of these comments 
reflected misunderstanding or skepticism that the EES would be a voluntary standard." 11 The Clinton 
Administration also carried out a 10-month encryption policy review that presumably played a role in 
choosing to issue the EES as a FIPS, but the substance of that review has not been made public and 
was not available to OTA. Additionally, the Clinton Administration created an interagency working group 
on encryption and telecommunications that includes representatives of agencies that participated in the 
policy review. The working group will be chaired by the Office of Science and Technology Policy and 
the National Security Council and will "work with industry on technologies like the Key Escrow chip [i.e., 
the EES], to evaluate possible alternatives to the chip, and to review Administration policies regarding 
encryption as developments warrant." 12 



9 E. Brickell (Sandia National Laboratories) et al., "SKIPJACK Review Interim Report— The SKIPJACK Algorithm," July 28, 1993. 
See also "Fact Sheet— NIST Cryptography Activities," Feb. 4, 1994. 

10 Ibid., and Federal Register (Feb. 9, 1994), op. cit., footnote 1. 

11 Ibid. 

12 White House press release and enclosures, Feb. 4, 1994, "Working Group on Encryption and Telecommunications." 
SOURCE: Office of Technology Assessment, 1994, and references cited below. 



The essence of the cryptographic threat is 
that high-grade and user-friendly encryption 
products can seriously hinder law enforcement 
and counterintelligence agencies in their ability 
to conduct electronic surveillance that is often 
necessary to carrying out their statutorily-based 
missions and responsibilities. In particular, 
some encryption products put at risk efforts by 
federal, state and local law enforcement agen- 
cies to obtain to [sic] contents of intercepted 
communications by precluding real-time de- 
cryption. Real-time decryption is often essential 
so that law enforcement can rapidly respond to 
criminal activity and, in many instances, pre- 
vent serious and life-threatening criminal 
acts. 11 



Expressing support for the EES and key-escrow- 
ing initiatives, Kallstrom stated that: 

We fully support the Vice President's initia- 
tive to create a national information superhigh- 
way to share information, educate Americans, 
and increase productivity. However, it would be 
wrong for us as public servants to knowingly al- 
low this information superhighway to jeopar- 
dize the safety and economic well-being of 
law-abiding Americans by becoming an ex- 
pressway and safe haven for terrorists, spies, 
drug dealers, and murderers. 12 

Thus, export controls, intended to restrict the 
international availability of U.S. cryptography 
technology and products, are now being joined by 



11 Ibid., p. 12. 

12 Ibid., p. 14. 

domestic initiatives that offer alternative cryptog- 
raphy-based technologies for safeguarding un- 
classified information. These initiatives are 
intended to preserve U.S. law-enforcement and 
signals-intelligence capabilities. According to 
NIST Deputy Director Raymond Kammer: 
In developing cryptographic standards, one 
can not avoid two often competing interests. On 
the one hand are the needs of users — corporate, 
government, and individual — in protecting tele- 
communications transmissions of sensitive in- 
formation. . . On the other hand are the interests 
of the national security and law enforcement 
communities in being able to monitor electronic 
communications. In particular, I am focusing 
upon their need for continued ability to keep our 
society safe and our nation secure. 

Rapid advances in digital telecommunica- 
tions have brought this issue to a head. Some ex- 
perts have stated that, within ten years, most 
digital telecommunications will be encrypted. 
Unless we address this issue expeditiously, law 
enforcement will lose an important tool in fight- 
ing crime — the ability to wiretap — and the mis- 
sion of our Intelligence Community will be 
made more difficult. 13 

The EES has been promulgated by the Clinton 
Administration as a voluntary alternative to the 
current federal encryption standard used to safe- 
guard unclassified information, the Data Encryp- 
tion Standard (DES). 14 The symmetric encryption 
algorithm used in the DES is now over 20 years 
old; this standard allows users to generate their 
own encryption keys and does not require the keys 
to be deposited with any third party. 15 The DES al- 
gorithm has been made public (i.e., it has been 
published) and can be freely implemented in hard- 
ware or software (see box 4-3). 

The algorithm specified in the Escrowed En- 
cryption Standard has not been published. It is 
classified and the algorithm is intended to be im- 
plemented only in tamper-resistant, hardware 



13 Raymond G. Kammer, NIST Deputy Director, testimony presented before the Subcommittee on Technology and the Law, Committee 
on the Judiciary. U.S. Senate, May 3, 1994, p. 2. NIST is responsible for developing the FIPS for protecting information in unclassified computer 
systems. 

14 NIST, "Data Encryption Standard (DES)," FIPS PUB 46-2 (Gaithersburg, MD: U.S. Department of Commerce, Dec. 30, 1993). 

An alternative successor to the DES is triple-encryption DES, where the algorithm is used sequentially with three different keys, to encrypt, 
decrypt, then re-encrypt. There is, however, no FIPS for triple-encryption DES. Triple encryption with the DES offers more security than having 
a 112-bit key and, therefore, appears inviolate against all adversaries for the foreseeable future. (Martin Hellman, Professor of Electrical Engi- 
neering, Stanford University, personal communication, May 24, 1994; also see box 4-3.) 

15 As with other encryption techniques, sound key management (i.e., key generation and protection, key distribution and destruction) is 
vital to the overall security of the system. See NIST, "Guidelines for Implementing and Using the NBS Data Encryption Standard," FIPS PUB 
74 (Gaithersburg, MD: U.S. Department of Commerce, Apr. 1, 1981); and "Key Management Using ANSI X9.17," FIPS PUB 171 (Gaithers- 
burg, MD: U.S. Department of Commerce, Apr. 27, 1992). 
BOX 4-3: What Is the DES? 



The Data Encryption Standard (DES) is a published, federal encryption standard for use in protect- 
ing unclassified computer data and communications. It has also been incorporated in numerous indus- 
try and international standards. The DES was promulgated by the Commerce Department, under au- 
thority of the Brooks Act of 1965 (Public Law 89-306). The Secretary of Commerce first approved the 
DES as a Federal Information Processing Standard (FIPS) in November 1976; it was published as FIPS 
Publication 46 ("Data Encryption Standard") in January 1977 and became effective in July 1977. 

The encryption algorithm specified by the DES is a symmetric, secret-key algorithm called the Data 
Encryption Algorithm (DEA). The DES algorithm uses a 64-bit key; eight bits are used only for parity 
checking, so the actual "secret key" is 56 bits long. The DES can be used in four standard modes of 
operation; these vary in their characteristics, strengths, and error-propagation properties, and are spe- 
cified in FIPS Publication 81 ("DES Modes of Operation," 1980). The DES can be used in message au- 
thentication; use of the DES in the Data Authentication Algorithm is specified in FIPS Publication 113 
("Computer Data Authentication," 1985). Message authentication (e.g., of electronic funds transfers) us- 
ing the DEA is standard in banking and the financial community. Using Merkle's "tree-signature" tech- 
nique, the DES can be used to generate digital signatures, but in general it is more efficient and conve- 
nient to use a public-key system for signatures. 1 

The DES was promulgated with the provision that it be reviewed for continued suitability at five-year 
intervals and that it would be reaffirmed (or not) for use by federal agencies every five years. The DES 
was reaffirmed for the first time in 1983. By 1986, over 400 models of voice, data, and file encryption 
products had been tested and endorsed by the National Security Agency as meeting the standard 
specifications. (At that time, software implementations of the DES were not certified for government use 
but were widely used in the private sector, so the total number of DES-based products was much larg- 
er.) Vendor and user communities were thrown into an uproar in 1986, when NSA announced it would 
terminate endorsement of DES products in 1988, in favor of a new set of incompatible, classified, hard- 
ware standards that were developed by NSA and were said by the agency to offer more security. 2 The 
banking community was particularly concerned with the prospect of having to replace the DES with the 
NSA technology, particularly after having invested heavily in DES-based systems. Ultimately, however, 
the DES was reaffirmed in 1988, following passage of the Computer Security Act of 1987. The National 
Institute of Standards and Technology validates DES implementations that meet the standard. 

The DES was reaffirmed again, this time in software as well as hardware and firmware implementa- 
tions, in December 1993 as FIPS Publication 46-2. This is likely to be the last time it is reaffirmed as a 
federal standard. FIPS Publication 46-2 notes that the algorithm will be reviewed within five years to 
assess its adequacy against potential new threats, including advances in computing and cryptanalysis: 
"At the next review (1998) the [DES algorithm] will be over twenty years old. NIST will consider alterna- 
tives which offer a higher level of security. One of these alternatives may be proposed as a replacement 
standard at the 1998 review" (p. 6). An alternative that is currently favored by the "public" cryptography 
community (i.e., in the private sector and academia) is triply encrypted DES (see below). 



1 See box 4-4 for discussion of digital signatures. Ralph Merkle's "tree signature techniques" made the use of symmetric (secret- 
key) ciphers like the DES more usable for digital signatures. However, asymmetric cryptography is still preferred for digital signatures. 
(Martin Hellman, Professor of Electrical Engineering, Stanford University, personal communication, Apr. 24, 1994, and Burton Kaliski, 
Jr., Chief Scientist, RSA Laboratories, personal communication, Apr. 20, 1994.) 

2 The Commercial Communications Security Endorsement Program (CCEP) was an NSA-industry program to develop the 
embeddable cryptographic modules; host products for the modules were developed under an NSA-industry program called the De- 
velopment Center for Embedded COMSEC Products (DCECP). 
BOX 4-3 (cont'd.): What Is the DES? 



Controversy surrounded NSA's role in the selection and refinement of the encryption algorithm that 
was promulgated as the DES. In 1973, the National Bureau of Standards (now NIST) had issued a soli- 
citation for candidate algorithms for a federal encryption standard, but received no suitable candidates. 
A year later, IBM responded to a second NBS solicitation with what eventually became the DES. The 
original algorithm developed by IBM, using a longer key, had been submitted to NSA for classification 
review as part of the patenting process. NSA chose not to classify the algorithm and suggested that 
IBM submit it— but with some modification— to NBS for consideration as the standard. NBS eventually 
promulgated the modified IBM algorithm as the DES algorithm. 3 

The modifications suggested by NSA and made by IBM gave rise to concerns that NSA had deliber- 
ately weakened or "tampered with" IBM's algorithm in order to maintain U.S. signals-intelligence capa- 
bilities. Although the algorithm was made public, the design criteria used by IBM and the results of 
NSA's testing and evaluation were not, nor were the design criteria used by NSA that led to shortening 
the key length and modifying a feature of the algorithm called the substitution boxes, or S-boxes. After 
much public debate, an inquiry by Representative Jack Brooks led the Senate Select Committee on 
Intelligence to conduct a classified investigation. This investigation concluded that: 

In the development of the DES, NSA convinced IBM that a reduced key size was sufficient, indirectly assisted 
in the development of the S-box structures, and certified that the final DES algorithm was, to the best of their 
knowledge, free of any statistical or mathematical weaknesses. NSA did not tamper with the design of the algo- 
rithm in any way. IBM invented it and designed the algorithm, made all pertinent decisions regarding it, and con- 
curred that the agreed on key size was more than adequate for all commercial applications for which the DES 
was intended. 4 

The reason for attention to the key size was that a longer key would have made it much harder to 
find a particular secret key through an "exhaustive search" cryptanalysis, in which all possible keys are 
tried in order to find the one being used. Because the secret key is 56 bits long, an exhaustive search 
would, in principle, require 2^56 operations. Doubling the key size does far more than double the strength 
against exhaustive attacks— if the key were 112 bits long, exhaustive search would, in principle, require 
2^112 operations, which is roughly 100,000 million million times as much work. 5 

For a given key size, "multiple encryption" can increase the security of the final ciphertext. The in- 
crease depends on the characteristics of the encryption algorithm; with the DES the gain is less than 
would be achieved through an increase in key size, but can still be adequate. That is, encrypting twice 
with the DES, using two different keys, is nowhere near as secure as having a true 112-bit key. The 
preferred method to strengthen the DES is through triple encryption. In this technique, the original plain- 
text is encrypted using one key; the resulting ciphertext is decrypted using a different second key; the 



3 For more on the history of the DES and controversy surrounding its 1988 reaffirmation, see U.S. Congress, Office of Technology 
Assessment, Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, OTA-CIT-310 (Washington, DC: U.S. 
Government Printing Office, 1987), especially chapter 4 and appendix C. 

4 U.S. Senate, Select Committee on Intelligence, Unclassified Summary: Involvement of NSA in the Development of the Data En- 
cryption Standard (Staff Report), 95th Cong., 2d sess. (Washington, DC: U.S. Government Printing Office, April 1978), p. 4. See also 
OTA, op. cit., footnote 3, pp. 169-171. 

5 Martin Hellman, op. cit., footnote 1. 

6 See Ralph C. Merkle and Martin Hellman, "On the Security of Multiple Encryption," Communications of the ACM, vol. 24, No. 7, 
July 1982, pp. 465-467. 
BOX 4-3 (cont'd.): What Is the DES? 



result is encrypted again, with a third key. 6 (The plaintext is recovered by reversing the operations, us- 
ing all three keys.) Triple encryption with the DES offers more security than having a 112-bit key and, there- 
fore, appears inviolate against all adversaries for the foreseeable future. 7 
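To make the box's claim concrete (double encryption "nowhere near" a true 112-bit key, triple encryption as the remedy), here is an added example that is not from the report: a constructed 16-bit toy block cipher with a 12-bit key, the meet-in-the-middle observation of Merkle and Hellman (footnote 6) applied to double encryption so that two tables of 2^12 entries replace a 2^24 search over key pairs, and the encrypt-decrypt-encrypt triple construction with its inverse. The toy cipher and its key schedule are assumptions of the example and say nothing about DES itself.

```python
MASK = 0xFFFF        # 16-bit block
KEY_BITS = 12        # toy key space of 2**12; DES has 2**56
ROUNDS = 4


def round_keys(key):
    """Toy key schedule (constructed): four 16-bit round keys from a 12-bit key."""
    rks, k = [], key & ((1 << KEY_BITS) - 1)
    for i in range(ROUNDS):
        k = (k * 0x9E3 + 0x7F4A + i) & MASK
        rks.append(k)
    return rks


def encrypt(block, key):
    """Toy cipher: xor round key, rotate left 5, add a constant; each step is invertible."""
    b = block & MASK
    for rk in round_keys(key):
        b ^= rk
        b = ((b << 5) | (b >> 11)) & MASK
        b = (b + 0x1234) & MASK
    return b


def decrypt(block, key):
    b = block & MASK
    for rk in reversed(round_keys(key)):
        b = (b - 0x1234) & MASK
        b = ((b >> 5) | (b << 11)) & MASK
        b ^= rk
    return b


def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)


def meet_in_the_middle(pairs):
    """Recover (k1, k2) for double encryption from known plaintext/ciphertext pairs.
    Build a table of E_k1(P) for every k1, then for every k2 look up D_k2(C):
    about 2 * 2**KEY_BITS cipher operations instead of 2**(2*KEY_BITS), which is
    why doubling the key by double encryption does not double the effective key length."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(encrypt(p0, k1), []).append(k1)
    candidates = []
    for k2 in range(1 << KEY_BITS):
        for k1 in middle.get(decrypt(c0, k2), []):
            # further pairs weed out the chance matches a 16-bit middle value allows
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates


def triple_encrypt(block, k1, k2, k3):
    """Encrypt-decrypt-encrypt with three keys, as the box describes."""
    return encrypt(decrypt(encrypt(block, k1), k2), k3)


def triple_decrypt(block, k1, k2, k3):
    """Recovery reverses the operations using all three keys."""
    return decrypt(encrypt(decrypt(block, k3), k2), k1)


def work_factors():
    """Cipher operations needed: brute force over key pairs vs. the meet-in-the-middle tables."""
    return {"double_brute_force": 1 << (2 * KEY_BITS), "meet_in_the_middle": 2 << KEY_BITS}
```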

Interestingly, it now appears that the NSA-suggested modifications to the S-boxes were intended to 
strengthen the algorithm against another, particularly powerful type of attack called differential crypta- 
nalysis. Eli Biham and Adi Shamir published the first paper on differential cryptanalysis, which they dis- 
covered in 1990. After this announcement, a member of the IBM design team stated that the IBM de- 
signers—and presumably NSA— knew about it no later than 1974. 8 



7 Multiple encryption with the DES offers less of an increase in security than multiplying the key length by the same factor because 
of the way the individual bits of the key are "mixed" during encryption. Triple encryption with DES offers much less of an increase in 
strength than using a 168-bit (3 X 56 bits) key, but is much stronger than double encryption and is better than using a 112-bit key. 
(Martin Hellman, Professor of Electrical Engineering, Stanford University, personal communication, May 10, 1994.) 

8 Don Coppersmith of IBM as quoted in Bruce Schneier, "A Taxonomy of Encryption Algorithms," Computer Security Journal, vol. 
IX, No. 1, pp. 39-59 (quote at p. 42). See also E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems," Ad- 
vances in Cryptology, CRYPTO '90 Proceedings (New York, NY: Springer-Verlag, 1991), pp. 2-21, and E. Biham and A. Shamir, "Differ- 
ential Cryptanalysis of DES-like Cryptosystems," Journal of Cryptology, vol. 4, No. 1, 1991, pp. 3-72. 

SOURCE: OTA, 1994, and sources cited below. 



modules. 16 This approach makes the confidential- 
ity function of the classified encryption algorithm 
available in a controlled fashion that does not in- 
crease users' abilities to employ cryptographic 
principles. A key-escrowing scheme is built in to 
ensure "lawfully authorized" electronic surveil- 
lance. 17 One of the reasons stated for specifying a 
classified, rather than published, encryption algo- 
rithm in the EES is to prevent its independent im- 
plementation without the law-enforcement access 
features. 



Unlike the EES algorithm, the algorithm in the 
federal Digital Signature Standard has been pub- 
lished. 18 The public-key algorithm specified in 
the DSS uses a private key in signature generation, 
and a corresponding public key for signature veri- 
fication. (See box 4-4.) However, the DSS tech- 
nique was chosen so that public-key encryption 
functions would not be available to users. 19 This 
is significant because public-key encryption is ex- 
tremely useful for key management. 20 



16 See Federal Register, vol. 59, Feb. 9, 1994, pp. 5997-6005 ("Approval of Federal Information Processing Standards Publication 185, 
Escrowed Encryption Standard (EES)"). 

17 Ibid., p. 6003. 

18 See also appendix C. 

19 According to F. Lynn McNulty, NIST Associate Director for Computer Security, the rationale for adopting the technique used in DSS 
was that, "We wanted a technology that did signatures — and nothing else— very well." (Response to a question from Chairman Rick Boucher 
in testimony before the Subcommittee on Science of the House Committee on Science, Space, and Technology, Mar. 22, 1994. See also footnote 
105.) 

20 Public-key encryption can be used for confidentiality and for secure key exchange. See box 4-1. 
Cryptography can be used to accomplish more than one safeguard objective. 1 Encryption tech- 
niques can be used to safeguard the confidentiality of the contents of a message (or a stored file). 
Message authentication techniques based on cryptography can be used to ensure the integrity of the 
message (that it has been received exactly as it was sent) and the authenticity of its origin (that it 
comes from the stated source). The oldest and simplest forms of message authentication use "secret" 
authentication parameters known only to the sender and intended recipient to generate "message au- 
thentication codes." So long as the secret authentication parameter is kept secret from all other parties, 
these techniques protect the sender and the receiver from alteration or forgery of a message by all 
such third parties. Because the same secret information is used by the sender to generate the message 
authentication code and by the receiver to validate it, these techniques cannot settle "disputes" be- 
tween the sender and receiver as to what message, if any, was sent. For example, message authentica- 
tion codes could not settle a dispute between a stockbroker and client in which the broker claims the 
client issued an order to purchase stock and the client claims he never did so. 

Digital signatures provide a higher degree of authentication by allowing resolution of disputes. Al- 
though it is possible to generate digital signatures from a symmetric cipher like the federal Data En- 
cryption Standard (DES), most interest centers on systems based on asymmetric ciphers, also known 
as public-key cryptosystems. 2 These asymmetric ciphers use a pair of keys— one to encrypt, another to 
decrypt— in contrast to symmetric ciphers in which the same key is used for both operations. Each user 
has a unique pair of keys, one of which is kept private (secret) and the other is made public (e.g., by 
publishing in the electronic equivalent of a telephone book). The security of public-key systems rests on 
the authenticity of the public key and the secrecy of the private key, much as the security of symmetric 
ciphers rests on the secrecy of the single key (see discussion of key certification and management in 
chapter 2 and of digital signatures and nonrepudiation in chapter 3). 

In principle, to sign a message using a public-key encryption system, a user could transform it with 
his private key, and send both the original message and the transformed version to the intended receiv- 
er. The receiver would validate the message by acting on the transformed message with the sender's 
public key (obtained from the "electronic phone book") and seeing that the result exactly matched the 
original message. Because the signing operation depends on the sender's private key (known only to 
him or her), it is impossible for anyone else to sign messages in the sender's name. But everyone can 
validate such signed messages, since the validation depends only on the sender's "public" key. 

In practice, digital signatures sign shorter "message digests" rather than the whole messages. For digital signatures based on public-key systems, the sender first uses a cryptographic "hashing" algorithm to create a condensed "message digest" from the message.3 With the commercial Rivest-Shamir-Adleman (RSA) system, the signature is created by encrypting the message digest, using the sender's private key. Because in the RSA system each key is the inverse of the other, the recipient can use the sender's public key to decrypt the signature, thereby recovering the original message digest. The recipient compares this with the one he or she has calculated using the same hashing function—if they are identical, then the message has been received exactly as sent and, furthermore, the message did come from the supposed sender (otherwise his or her public key would not have yielded the correct message digest).4

1 For details about the technology and applications for encryption, message authentication, and digital signatures, see D.W. Davies and W.L. Price, Security for Computer Networks: An Introduction to Data Security in Teleprocessing and Electronic Funds Transfer, 2nd ed. (New York, NY: John Wiley & Sons, 1992). See also U.S. Congress, Office of Technology Assessment, Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, OTA-CIT-310 (Washington, DC: U.S. Government Printing Office, October 1987), especially appendices C and D.

2 Merkle's "tree signature techniques" made use of symmetric (secret-key) ciphers like the DES more usable for digital signatures. However, there is currently more interest in asymmetric cryptography for signatures (Martin Hellman, Professor of Electrical Engineering, Stanford University, personal communication, Apr. 24, 1994, and Burton Kaliski, Jr., Chief Scientist, RSA Laboratories, personal communication, Apr. 20, 1994).

3 The RSA method is the best known public-key signature scheme, but others are possible; see T. ElGamal, "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, vol. IT-31, 1985, pp. 469-472, and C.P. Schnorr, "Efficient Identification and Signatures for Smart Cards," Proceedings of Crypto '89, Advances in Cryptology (New York, NY: Springer-Verlag, 1990), pp. 239-251.
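The two mechanisms the box contrasts, as an added Python example that is not part of the OTA report: a shared-secret message authentication code, which either the broker or the client could have produced, beside an RSA hash-then-sign signature, which only the private-key holder can produce. The RSA key (constructed textbook primes p = 61, q = 53), the shared secret and the sample order are all made-up values; SHA-1 stands in for the hash function.

```python
import hashlib
import hmac

# --- Message authentication code: the symmetric technique of the box's first paragraph ---
# The broker and the client share one secret parameter, so each can compute the identical
# code; a valid code proves "someone who knew the secret", not which of the two it was.

def mac_tag(shared_secret: bytes, message: bytes) -> str:
    """HMAC-SHA1 message authentication code under a shared secret (toy key sizes)."""
    return hmac.new(shared_secret, message, hashlib.sha1).hexdigest()

def could_have_produced(secret_held: bytes, message: bytes, tag: str) -> bool:
    """True if a party holding secret_held can reproduce tag for message."""
    return hmac.compare_digest(mac_tag(secret_held, message), tag)

# --- RSA digital signature: the asymmetric technique of the RSA paragraph ---
# Constructed textbook key, p = 61 and q = 53; real moduli are hundreds of digits long.
P, Q = 61, 53
N = P * Q                  # public modulus, 3233
PHI = (P - 1) * (Q - 1)    # 3120
E = 17                     # public exponent
D = pow(E, -1, PHI)        # private exponent, 2753 (modular inverse, Python 3.8+)

def message_digest(message: bytes) -> int:
    """Condensed digest as an integer below N (SHA-1 stands in for the hash standard)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % N

def sign_digest(digest: int, private_exponent: int = D) -> int:
    """Signing: transform the digest with the private key."""
    return pow(digest, private_exponent, N)

def verify_digest(digest: int, signature: int, public_exponent: int = E) -> bool:
    """Verification: apply the public key to the signature; it must yield the digest."""
    return pow(signature, public_exponent, N) == digest

def sign(message: bytes) -> int:
    return sign_digest(message_digest(message))

def verify(message: bytes, signature: int) -> bool:
    return verify_digest(message_digest(message), signature)

if __name__ == "__main__":
    order = b"BUY 100 shares of XYZ"          # constructed sample message
    secret = b"broker-client-shared-secret"   # constructed shared secret
    tag = mac_tag(secret, order)
    # Both parties hold the secret, so the code cannot say who produced it.
    print("broker could have produced the MAC:", could_have_produced(secret, order, tag))
    print("client could have produced the MAC:", could_have_produced(secret, order, tag))
    sig = sign(order)
    print("signature verifies under the signer's public key:", verify(order, sig))
    # Only the holder of D can make a signature that E accepts for this digest.
    print("tampered order verifies:", verify(b"BUY 1000 shares of XYZ", sig))
```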

The federal Digital Signature Standard (DSS) defines a somewhat different kind of public-key cryptographic standard for generating and verifying digital signatures.5 The DSS is to be used in conjunction with the federal "Secure Hash Standard" (FIPS Publication 180), which creates a short message digest, as described above.6 The message digest is then used, in conjunction with the sender's private key and the algorithm specified in the DSS, to produce a message-specific signature. Verifying the DSS signature involves a mathematical operation on the signature and message digest, using the sender's public key and the hash standard.7

The DSS differs from the RSA digital signature method in that the DSS signature operation is not reversible, and hence can only be used for generating digital signatures. DSS signature verification is different from decryption.8
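The DSS signing and verification operations described above, as a toy-parameter Python example added here (it is not the report's text and not FIPS 186 itself): the signature (r, s) is not a reversible transformation of the digest, and verification recomputes r from public values rather than decrypting anything. The parameters p = 607, q = 101, the private key x = 13 and the per-signature value k are constructed; real DSS parameters are hundreds of bits long.

```python
import hashlib
from typing import Tuple

# Constructed toy DSS parameters (FIPS 186 specifies a 512- to 1024-bit p and a 160-bit q).
P = 607                       # prime modulus
Q = 101                       # prime divisor of P - 1  (607 - 1 = 6 * 101)
G = pow(2, (P - 1) // Q, P)   # generator of the order-Q subgroup: 2^6 mod 607 = 64
X = 13                        # signer's private key, 0 < X < Q
Y = pow(G, X, P)              # signer's public key, 26

def digest_mod_q(message: bytes) -> int:
    """Secure-Hash-Standard style digest (SHA-1 here), reduced into the range of Q."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % Q

def sign_digest(h: int, k: int, x: int = X) -> Tuple[int, int]:
    """DSS signing. k must be fresh and secret for every signature; reusing k exposes x."""
    if not 0 < k < Q:
        raise ValueError("k must be a secret value in (0, Q)")
    r = pow(G, k, P) % Q                      # depends only on k, not on the message
    s = (pow(k, -1, Q) * (h + x * r)) % Q     # binds the digest and private key to r
    if r == 0 or s == 0:                      # FIPS 186 requires a new k in this case
        raise ValueError("degenerate signature, choose another k")
    return r, s

def verify_digest(h: int, signature: Tuple[int, int], y: int = Y) -> bool:
    """DSS verification: recompute r from the public key; nothing is decrypted."""
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (h * w) % Q
    u2 = (r * w) % Q
    v = (pow(G, u1, P) * pow(y, u2, P) % P) % Q
    return v == r

def sign(message: bytes, k: int) -> Tuple[int, int]:
    return sign_digest(digest_mod_q(message), k)

def verify(message: bytes, signature: Tuple[int, int]) -> bool:
    return verify_digest(digest_mod_q(message), signature)

if __name__ == "__main__":
    sig = sign_digest(57, k=23)               # constructed digest value and k
    print("signature (r, s):", sig)           # (2, 8)
    print("verifies:", verify_digest(57, sig))
    print("verifies for a different digest:", verify_digest(58, sig))
```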

In contrast, the RSA system can encrypt, as well as do signatures. Therefore, the RSA system can also be used to securely exchange cryptographic keys that are to be used for confidentiality (e.g., "secret" keys for use with a symmetric encryption algorithm like the DES). This lack of encryption capability for secure key exchange was one reason why the government selected the DSS technique for the standard.9



4 See Davies and Price, op. cit., ch. 9, or app. D of Office of Technology Assessment, op. cit., footnote 1. The overall security of these schemes depends on maintaining secrecy of the private keys and on the authenticity of the public keys.

5 U.S. Department of Commerce, National Institute of Standards and Technology, "Digital Signature Standard (DSS)," FIPS Publication 186, May 19, 1994. The standard is effective Dec. 1, 1994.

6 U.S. Department of Commerce, National Institute of Standards and Technology, "Secure Hash Standard," FIPS PUB 180, May 11, 1993. NIST recently announced a technical correction to the Secure Hash Standard. According to NIST, NSA analysts discovered a "minor flaw" in the algorithm. The algorithm was developed by NSA. (NIST media advisory, Apr. 22, 1994.) According to NIST, the hash standard, "while still very strong, was not as robust as we had originally intended" and was being corrected (Raymond Kammer, Deputy Director, NIST, testimony before the Subcommittee on Technology and the Law, Committee on the Judiciary, U.S. Senate, May 3, 1994, p. 11.)

7 See National Institute of Standards and Technology, CSL Bulletin, January 1993; or NIST, op. cit., footnote 5.

8 Burton Kaliski, Jr., Chief Scientist, RSA Laboratories, personal communication, May 4, 1994.

9 See chapter 4, and Federal Register, vol. 59, May 19, 1994, p. 26209 ("The DSA does not provide for secret key distribution since it was not intended for that purpose." Ibid.)

SOURCE: Office of Technology Assessment, 1994; Martin Hellman (Stanford University), 1994; and references cited in notes.



While other means of exchanging electronic keys are possible,21 none is so mature as public-key technology. In contrast to the technique chosen for the DSS, the technique used in the most widely used commercial digital signature system (based on the Rivest-Shamir-Adleman, or RSA, algorithm) can also encrypt. Therefore, the RSA techniques can be used for secure key exchange (i.e., exchange of "secret" keys, such as those used with the DES), as well as for signatures. Another public-key technique, devised by Whitfield Diffie and Martin Hellman, can also be used for key exchange.22 The Diffie-Hellman technique does not encrypt.

21 See, e.g., Tom Leighton, Department of Mathematics, Massachusetts Institute of Technology (MIT) and Silvio Micali, MIT Laboratory for Computer Science, "Secret-Key Agreement Without Public-Key Cryptography (Extended Abstract)," obtained from S. Micali, 1993.
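The two kinds of key exchange contrasted in the paragraph above, as a Python example added here (not from the report): RSA key transport, where the sender chooses the "secret" key and encrypts it under the recipient's public key, beside Diffie-Hellman agreement, where both sides contribute and no ciphertext is ever produced. The RSA key (textbook n = 3233, e = 17, d = 2753), the Diffie-Hellman group (p = 23, g = 5) and the private values are constructed toy sizes.

```python
import hashlib
from typing import Tuple

# Toy RSA key pair of the recipient (constructed; textbook p = 61, q = 53).
RSA_N, RSA_E, RSA_D = 3233, 17, 2753

def rsa_transport_send(session_key: int, recipient_e: int = RSA_E, n: int = RSA_N) -> int:
    """Sender picks the secret key and encrypts it under the recipient's public key."""
    if not 0 < session_key < n:
        raise ValueError("session key must be below the modulus")
    return pow(session_key, recipient_e, n)

def rsa_transport_receive(ciphertext: int, recipient_d: int = RSA_D, n: int = RSA_N) -> int:
    """Recipient decrypts with the private key and recovers the sender's chosen key."""
    return pow(ciphertext, recipient_d, n)

def run_transport(session_key: int) -> int:
    """Round trip: the value the recipient ends up with is exactly what the sender chose."""
    return rsa_transport_receive(rsa_transport_send(session_key))

# Toy Diffie-Hellman group (constructed; real groups use primes of 1024 bits or more).
DH_P, DH_G = 23, 5

def dh_public(private: int) -> int:
    """Each side publishes g^private mod p; this value is not a ciphertext of anything."""
    return pow(DH_G, private, DH_P)

def dh_shared(own_private: int, peer_public: int) -> int:
    """Both sides compute g^(ab) mod p from their own private value and the peer's public one."""
    return pow(peer_public, own_private, DH_P)

def run_agreement(alice_private: int, bob_private: int) -> Tuple[int, int]:
    """Returns (Alice's secret, Bob's secret); neither party chose it and nothing was encrypted."""
    alice_pub, bob_pub = dh_public(alice_private), dh_public(bob_private)
    return dh_shared(alice_private, bob_pub), dh_shared(bob_private, alice_pub)

def derive_des_sized_key(shared_secret: int) -> bytes:
    """Hash the agreed value down to 64 bits, the size of a DES key (parity bits not set here)."""
    return hashlib.sha1(shared_secret.to_bytes(4, "big")).digest()[:8]

if __name__ == "__main__":
    print("RSA transport recovers chosen key 1234:", run_transport(1234) == 1234)
    alice_secret, bob_secret = run_agreement(6, 15)   # constructed private values
    print("Diffie-Hellman secrets agree:", alice_secret == bob_secret, alice_secret)
    print("DES-sized key:", derive_des_sized_key(alice_secret).hex())
```

Either method only yields a key; authenticating who is on the other end needs the public key to be genuine, which is the certification question the box refers to chapter 2 for.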

In OTA's view, both the EES and the DSS are federal standards that are part of a long-term control strategy intended to retard the general availability of "unbreakable" or "hard to break" cryptography within the United States, for reasons of national security and law enforcement. As stated by NIST Deputy Director Raymond Kammer:

Government standards should not harm law 
enforcement/national security. 

This is fairly straightforward, but can be dif- 
ficult to achieve. In setting standards, the inter- 
ests of all the components of the government 
should be taken into account. In the case of en- 
cryption, this means not only the user communi- 
ty, but also the law enforcement and national 
security communities, particularly since stan- 
dards setting activities can have long-term im- 
pacts (which, unfortunately, can sometimes be 
hard to forecast). 23 

It appears that the EES is intended to complement the DSS in this overall encryption-control strategy, by discouraging future development and use of encryption without built-in law enforcement access, in favor of key-escrowed and related encryption technologies. If the EES and/or other key-escrow encryption standards (e.g., for use in computer networks) become widely used, this could ultimately reduce the variety of alternative cryptography products through market dominance that makes alternatives more scarce or more costly. In May 1994 testimony before the Senate Subcommittee on Technology and the Law, Whitfield Diffie (Sun Microsystems, Inc.) referred to the EES and related key-escrow initiatives, as well as the DSS and the digital telephony proposals, as:

... a unified whole whose objective is to maintain and expand electronic interception for both law enforcement and national security purposes.24

In testimony in support of the EES and related 
technology before the House Subcommittee on 
Technology, Environment, and Aviation, Dorothy 
Denning (Georgetown University) stated that: 

As we move into an era of even greater electronic communications, we can and must design our telecommunications infrastructure and encryption systems to support our needs as a nation for secure communications, individual privacy, economic strength, effective law enforcement, and national security. The Clipper Chip is an important step towards meeting all our national needs, and the government should continue to move forward with the program.

The government needs an encryption standard to succeed DES. If in lieu of Clipper, the government were to adopt and promote a standard that provides strong encryption without government access, society could suffer severe economic and human losses resulting from a diminished capability of law enforcement to investigate and prosecute organized crime and terrorism, and from a diminished capability for foreign intelligence.... [T]he government rightly concluded that it would be irresponsible to promote a standard that foils law enforcement when technology is at hand to accommodate law enforcement needs without jeopardizing security and privacy. Moreover, through the Administration's commitment to Clipper or some other form of key escrow, escrowed encryption may dominate in the market, mitigating the effect of unescrowed encryption on law enforcement.25

22 The public-key concept was first published by Whitfield Diffie and Martin Hellman in "New Directions in Cryptography," IEEE Transactions on Information Theory, vol. IT-22, No. 6, November 1976, pp. 644-654. Diffie and Hellman described how such a system could be used for key distribution and to "sign" individual messages.

23 Kammer testimony, May 3, 1994, op. cit., footnote 13, pp. 10-11.

24 Whitfield Diffie, Distinguished Engineer, Sun Microsystems, Inc., testimony before the Subcommittee on Technology and the Law, Committee on the Judiciary, U.S. Senate, May 3, 1994, p. 2. (Diffie was also referring to the Capstone and TESSERA implementations of the EES encryption algorithm.)


Concerns over the proliferation of encryption that have shaped and/or retarded federal standards development have complicated federal agencies' technological choices. For example, as appendix C explains, national-security concerns regarding the increasingly widespread availability of robust encryption—and, more recently, patent problems—contributed to the extraordinarily lengthy development of a federal standard for digital signatures: NIST first published a solicitation for public-key cryptographic algorithms in 1982, and the DSS was finalized in FIPS Publication 186 in May 1994.26 (At this writing, the question of whether the DSS would be the subject of patent litigation was still open—see appendix C).

Public-key cryptography can be used for digital signatures, for encryption, and for secure key distribution/exchange. The DSS is intended to supplant, at least in part, the demand for other public-key cryptography by providing a method for generating and verifying digital signatures. However, while the DSS algorithm is a public-key signature algorithm, it is not a public-key encryption algorithm.27 That means, for example, that it cannot be used to securely distribute "secret" encryption keys for use with symmetric encryption like the DES or EES algorithms. Some sort of interoperable (i.e., standardized) method for secure key exchange is still needed.28

As of June 1994, the DSS had been finalized, but there was no FIPS for public-key key exchange. Two implementations of the EES encryption algorithm that are used for data communications in computer networks—the Capstone chip and the TESSERA card—contain a public-key Key Exchange Algorithm (KEA).29 However, as of June 1994, this KEA is not part of any FIPS.30 Therefore, organizations that do not use Capstone or TESSERA still need to select a secure and interoperable form of key distribution.

The lengthy evolution of the DSS meant that federal agencies had begun to look to commercial products (e.g., based on the RSA system) to meet immediate needs for digital signature technology.31 The introduction of the EES additionally complicates agencies' technological choices, in that the EES and related government key-escrow encryption techniques (e.g., for data communications in computer networks, or for file encryption) may not become popular in the private sector for some time, if at all. As of this writing, the EES has not yet been embraced within government and is largely unpopular outside of government.32 Therefore, agencies may need to support multiple encryption technologies both for transactions (i.e., signatures) and for communications (i.e., encryption, key exchange) with each other, with the public, and with private-sector organizations.

25 Dorothy E. Denning, Professor and Chair, Department of Computer Science, Georgetown University, testimony before the Subcommittee on Technology, Environment, and Aviation, Committee on Science, Space and Technology, U.S. House of Representatives, May 3, 1994, pp. 6-7. Denning was one of the five nongovernmental experts who evaluated the EES algorithm under security clearance. (See discussion later in chapter.)

26 See "Approval of Federal Information Processing Standards Publication 186, Digital Signature Standard (DSS)," Federal Register, vol. 59, May 19, 1994, pp. 26208-11; and NIST, "Digital Signature Standard (DSS)," FIPS PUB 186 (Gaithersburg, MD: U.S. Department of Commerce, May 19, 1994).

27 See box 4-4.

28 One public-key algorithm that can be used for key distribution is the RSA algorithm; the RSA algorithm can encrypt. The RSA system was proposed in 1978 by Rivest, Shamir, and Adleman. The Diffie-Hellman algorithm is another method; this can be used for key generation and exchange and does not encrypt. See also ch. 2.

29 The Capstone chip is an implementation of the Escrowed Encryption Standard algorithm. It is used for data communications and contains the EES algorithm (called SKIPJACK), as well as digital-signature and key-exchange functions. (The Clipper chip is used in telephone systems and has just the EES algorithm.) TESSERA is a PCMCIA card that contains a Capstone chip. It includes additional features and is being used in the Defense Message System. (Clinton Brooks, Special Assistant to the Director, NSA, personal communication, May 25, 1994.)

30 Miles Smid, Manager, Security Technology Group, NIST, personal communication, May 20, 1994.

31 For example, at this writing, the IRS was considering using both the DSS and RSA signature techniques. (Tim Minahan, "IRS Digital Signature Scheme Calls for Both DSS and RSA Verification," Government Computer News, July 18, 1994, pp. 1, 65.)

GOVERNMENT CONCERNS AND 
INFORMATION SAFEGUARDS 

As the previous section indicated, the federal government faces a fundamental tension between the desire to foster the development and deployment of effective (and cost-effective) technologies for use in safeguarding unclassified information, so that these can be widely used by civilian agencies and the private sector, and the desire to control the proliferation of technologies that can adversely affect government's signals-intelligence and law-enforcement capabilities. This tension runs throughout the government's own activities as a developer, user, and regulator of safeguard technologies. Although the relative balance between national-security and other objectives (e.g., open government, market competitiveness, privacy) has shifted from time to time, national-security objectives have always been preeminent in establishing federal policies regarding information security (or computer and communications security).

In a networked society, where communications, information, and commerce are digital, the struggle to control cryptography is at the heart of this tension. Control of cryptography encompasses: 1) control of research in cryptography and especially in cryptanalysis (code-breaking), 2) control of publication in cryptography and related fields, 3) control of patenting of cryptographic inventions (new techniques for encryption and/or new ways of implementing these in useful products), and 4) export controls on the proliferation of cryptography-based products and expertise.33

Over the past three decades, this struggle for control has been exacerbated by:

1. technological advances in computing and microelectronics that have made inexpensive, software-based, PC-based, smart-card-based, and token-based (e.g., using PCMCIA cards) cryptography potentially ubiquitous; and

2. increasing private-sector capabilities in cryptography, as evidenced by independent development of commercial, public-key encryption systems.

32 See, e.g., Beau Brendler, "This Ship's Going Nowhere: Why Clinton's Clipper Policy Makes No Sense," Washington Technology, Feb. 10, 1994, pp. 1, 6; John Markoff, "Cyberspace Under Lock and Key," The New York Times, Feb. 13, 1994, p. E3; Philip Elmer-DeWitt, "Who Should Keep the Keys," Time Magazine, Mar. 14, 1994, pp. 90-91; and John Markoff, "An Administration Reversal on Wiretapping Technology," The New York Times, July 21, 1994, pp. D1, D7.

The Committee on Communications and Information Policy of the IEEE United States Activities Board has taken the position that current cryptographic policies reflect the dominance of law-enforcement and national-security concerns and do not adequately reflect the needs of electronics manufacturers, service providers, or network users. The committee advocates development of public, exportable, secure algorithms and the implementation of such algorithms as national standards. (Bob Carlson, "U.S. Government Reaffirms Stand on Clipper Chip Proposal," IEEE Computer, April 1994, p. 63.)

33 The cryptographic-research community has grown over the last decade, but it is still relatively small compared with other fields in computer science, electrical engineering, and mathematics. In the 1970s and 1980s, there were serious controversies concerning attempts by NSA to control federal research funding in cryptography and to control publication and patenting by researchers in academia and industry. For historical development of cryptography and the repeated controversies concerning government attempts (through NSA) to control cryptography through research funding, prepublication review, and patent secrecy orders, see Susan Landau, "Zero Knowledge and the Department of Defense," Notices of the American Mathematical Society, vol. 35, No. 1, January 1988, pp. 5-12; U.S. Congress, House of Representatives, Committee on Government Operations, ... 1st sess., June 11, 1987 (Washington, DC: U.S. Government Printing Office, 1987), pp. 19-25; James Bamford, The Puzzle Palace (New York, NY: Penguin Books, 1983); Tom Ferguson, "Private Locks, Public Keys and State Secrets: New Problems in Guarding Information with Cryptography," Harvard University Center for Information Policy Research, Program on Information Resources Policy, April 1982; Public Cryptography Study Group, American Council on Education, "Report of the Public Cryptography Study Group" and "The Case Against Restraints on Nongovernmental Research in Cryptography: A Minority Report by Prof. George I. Davida," Academe, vol. 67, December 1981, pp. 372-382; U.S. Congress, House of Representatives, Committee on Government Operations, The Government's Classification of Private Ideas, H. Rept. No. 96-1540, 96th Congress, 2d sess. (Washington, DC: U.S. Government Printing Office, Dec. 22, 1980); and David Kahn, The Codebreakers: The Story of Secret Writing (New York, NY: MacMillan, 1967). See also OTA, op. cit., footnote 1, especially pp. 55-59 and 168-172.

These have made possible the: 

3. increasing reliance on digital communications 
and information processing for commercial 
transactions and operations in the public and 
private sectors. 

Together, these developments have enabled and 
supported a growing industry segment offering a 
variety of hardware- and software-based informa- 
tion safeguards based on cryptography. Recent en- 
cryption initiatives like the EES and DSS seem 
orchestrated to increase control by reducing com- 
mercial variety and availability over the long run, 
so as to retard the development and spread of other 
encryption technologies that could impair signals 
intelligence and law enforcement. 

A historical review of the policy issues, debates, and developments during the 1970s and 1980s that led to the current environment is beyond the scope of this report, which focuses on their current manifestations in private and public-sector activities.34 This chapter examines these in light of the ongoing debates over the activities of NIST and NSA, particularly regarding export controls and standards development. These are important because the government uses them to control cryptography.



Federal standards (i.e., the FIPS) influence the technologies used by federal agencies and provide a basis for interoperability, thus creating a large and stable "target market" for safeguard vendors. If the attributes of the standard technology are also applicable to the private sector and the standard has wide appeal, an even larger but still relatively stable market should result. The technological stability means that firms compete less in terms of the attributes of the fundamental technology and more in terms of cost, ease of use, and so forth. Therefore, firms need to invest less in research and development (especially risky for a complex technology like cryptography) and in convincing potential customers of product quality. (See discussion of standards and certification in chapter 2.) This can result in higher profits for producers, even in the long run, and in increased availability and use of safeguards based on the standard.

Promulgation of the DES as a stable and certified technology—at a time when the commercial market for cryptography-based safeguards for unclassified information was emerging—stimulated supply and demand. Although the choice of the algorithm was originally controversial due to concerns over NSA's involvement, the DES gained wide acceptance and has been the basis for several industry standards, in large part because it was a public35 standard that could be freely evaluated and implemented. Although DES products are subject to U.S. export controls, DES technology is also widely available around the world and the algorithm has been adopted in several international standards. The process by which the DES was developed and evaluated also stimulated private-sector interest in cryptographic research, ultimately increasing the variety of commercial safeguard technologies.

34 For a short review of the historical tension between national security and other national objectives and the struggle to control cryptography, see OTA, op. cit., footnote 1. For a longer review of the developments of federal computer security and communication security policies and programs after World War II, including discussion of challenges to the government's cryptographic monopoly over the last two decades, see George F. Jelen, "Information Security: An Elusive Goal," Harvard University Center for Information Policy Research, Program on Information Resources Policy, June 1985. Jelen also examines the power struggle between NSA and the Commerce Department's National Telecommunications and Information Administration during the late 1970s and early 1980s and the motivations for and effects of national-security directives in the 1980s that gave the Department of Defense the leadership role in communication security (COMSEC) and computer security (COMPUSEC).

35 Public in this sense refers to the fact that the DES algorithm was published.

By 1993, 40 manufacturers were producing 
about 50 implementations of the DES in hardware 
or firmware that had been validated for federal use 
(as meeting the FIPS) by NIST. Another 60 com- 
panies were estimated to be producing software 
implementations of the DES. A 1993 industry es- 
timate of U.S. sales of DES hardware and software 
products was between $75 million and $125 mil- 
lion annually. 36 As of April 1994, a survey of 
products using cryptography in the United States 
and abroad, conducted by the Software Publishers 
Association (SPA) had identified 245 domestic 
encryption products (hardware and software) that 
used the DES. 37 

Now, however, introduction of an incompatible new federal standard—e.g., the EES—may be destabilizing. If the EES and related technologies ultimately manage to gain wide appeal, they may succeed in "crowding out" safeguards based upon other cryptographic techniques.38 This may be a long-term objective of the key-escrow encryption initiative, in order to stem the supply of alternative cryptography products by ensuring vendors a large and lucrative federal market and by encouraging private-sector demand to eventually switch to key-escrowing technology.39 In the long term, a loss of technological variety is significant to private-sector cryptography, because more diverse research and development efforts tend to increase the overall pace of technological advance. In the near term, technological uncertainty may delay widespread investments in any new safeguard, as users wait to see which technology prevails.40

In May 1994 testimony before the Subcommittee on Technology and the Law of the Senate Judiciary Committee, Assistant Attorney General Jo Ann Harris stated that:

The Clinton Administration has been farsighted in seeing the advent of high-quality, user-friendly encryption products and the implications of such products. It has also been prepared to act early, when markets are still developing and when both consumers and manufacturers are seeking strong, reliable cryptography for use in mass-market products.

We believe, therefore, Mr. Chairman [Patrick J. Leahy], that, as one major equipment manufacturer has already done, others will respond to their customers' needs for extremely strong encryption by marketing key escrow-equipped products. And as that occurs, we look for a gravitation of the market to key-escrow encryption, based on both a need for interoperability and a recognition of its inherent quality. Even many of those who may desire encryption to mask illicit activities will choose key-escrow encryption because of its availability, its ease of use, and its interoperability with equipment used by legitimate enterprises.41

36 Industry estimates cited in: Charlotte Adams, "Data Encryption Standard Software Now Headed for Widespread Government Use," Federal Computer Week, July 26, 1993, p. 35. The reaffirmation of the DES in FIPS Publication 46-2 (NIST, op. cit., footnote 14) makes software implementations of the DES also eligible for validation.

37 Stephen T. Walker, President, Trusted Information Systems, Inc., testimony presented before the Subcommittee on Technology and the Law, Committee on the Judiciary, U.S. Senate, May 3, 1994, p. 15 and enclosure. See also Lance Hoffman, "SPA Study of Foreign Availability of Cryptography," SPA News, March 1994. SPA began its study of foreign availability in 1993.

38 At present, the EES is not being well received by the private sector, in part because there is a growing installed base of other technologies (e.g., the DES and the RSA system) and in part because of the classified algorithm and key escrowing. In establishing the EES, the government is acting in its roles as a producer and regulator of safeguard technologies. This contrasts with the government's role (with industry) as a user in other, voluntary standards development. (See, e.g., John Perry Barlow, "A Plain Text on Crypto Policy," Communications of the ACM, vol. 36, No. 11, November 1993, pp. 21-26; and Lance J. Hoffman, "Clipping Clipper," Communications of the ACM, vol. 36, No. 9, September 1993, pp. 15-17.) The role of the U.S. government in developing the algorithm, as well as the key escrowing provisions, also make the EES unattractive to the international business community. (Nanette DiTosto, United States Council for International Business, personal communication, Apr. 28, 1994.)

39 In early 1994, the Department of Justice had reportedly purchased 8,000 EES devices and was considering purchasing another 2,000, in a procurement totaling $8 million. (Executive-branch procurements announced by Raymond Kammer, NIST Deputy Director, as quoted in: Brad Bass, "Clipper Gets Stamp of Approval," Federal Computer Week, Feb. 7, 1994, pp. 1, 4.)

40 This happened with videocassette recorders (VCRs). When technological uncertainty decreased (after the rivalry between VHS and Betamax was resolved), VCR penetration began to increase dramatically.

However, others question the need to act now: 

If allowing or even encouraging wide dis- 
semination of high-grade cryptography proves 
to be a mistake, it will be a correctable mistake. 
Generations of electronic equipment follow one 
another very quickly. If cryptography comes to 
present such a problem that there is popular con- 
sensus for regulating it, this will be just as pos- 
sible in a decade as it is today. If on the other 
hand, we set the precedent of building govern- 
ment surveillance capabilities into our security 
equipment we risk entrenching a bureaucracy 
that will not easily surrender the power this 
gives. 42 

At this writing, the success of this strategy to control cryptography is still questionable—in the near term, at least. One reason the outcome will take some time to materialize is that although it was issued as a FIPS, use of the EES is voluntary (even within the government) and many federal agencies have not yet taken positions regarding its implementation, or announced plans to implement the EES in their operations.43 For example, the Federal Reserve System encrypts its funds transfer operation, using DES-based technology, and is an active participant in the American National Standards Institute (ANSI) banking standards process. Although the Federal Reserve monitors advances in security technologies, as of spring 1994 it remained committed to "cryptographic implementations which are based on DES and are ANSI compliant."44

In July 1994, Vice President Gore indicated the 
Clinton Administration's willingness to explore 
industry alternatives for key-escrow encryption, 
including techniques based on unclassified algo- 
rithms or implemented in software. These alterna- 
tives would be used to safeguard information in 
computer networks and video networks; the EES 
and Clipper chip would be retained for telephony. 
Whether the fruits of this exploration result in in- 
creased acceptance of key-escrow encryption will 
not be evident for some time. 

Moreover, not all government attempts at influencing the marketplace through procurement policies (and the FIPS) are successful. The FIPS that prove to be unpopular with industry and users can have little influence on the private sector. 45 For example, the government made an early commitment to the Open Systems Interconnection (OSI) protocols for networking, but it is the ubiquitous Transmission Control Protocol/Internet Protocol (TCP/IP) protocols that have enjoyed wide use throughout the world in the Internet and other networks. Although the Government Open Systems Interconnection Profile (GOSIP) was mandated for agencies, it did not become popular in the commercial market, so there was a lack of GOSIP products, relative to TCP/IP products. As a result, the government had to reassess open systems network requirements and federal use of networking standards, through the Federal Internetworking Requirements Panel. For the future, agencies will be able to adopt both sets of protocols according to the relative advantages and disadvantages of each. 46

41 Jo Ann Harris testimony, op. cit., footnote 8, pp. 3-4.

42 Diffie testimony, op. cit., footnote 24, p. 10.

43 Successful adopters of other technology (e.g., the DES) may resist switching to the new technology, not wanting to "waste" or duplicate earlier investments. Also, some federal standards choices have been regarded as "picking failures," such as the choice of OSI rather than TCP/IP. Thus, adopters are wary of investing heavily in federal standards that ultimately may not even be widely used within government.

44 Letter from John Pelick (Chairman, Federal Reserve System Security Steering Group) to M. Garrett (Federal Reserve Bank of Minneapolis), Feb. 17, 1994; and Marianne Emerson (Assistant Director, Division of Information Resources Management, Board of Governors of the Federal Reserve System), personal communications, Apr. 17, 1994 and June 23, 1994.

45 See Carl F. Cargill, Information Technology Standardization: Theory, Process, and Organizations (Bedford, MA: Digital Press, 1989).

Some of the resistance to the DSS and EES can 
be understood in terms of users' unwillingness to 
invest in multiple technologies and/or to make ob- 
solete prior investments in other technologies, 
such as the RSA and DES algorithms. Additional- 
ly, the evolution of cryptographic standards may 
be different from other information-technology 
standards, in that the private sector historically 
has been less capable than NSA in developing and 
evaluating the security of cryptographic technolo- 
gies. 

Other government policies can also raise costs, delay adoption, or reduce variety. In the case of cryptography-based safeguards, export controls segment domestic and export markets. This creates additional disincentives to invest in the development — or use — of robust but nonexportable safeguards (see discussion below). As Stephen Walker (Trusted Information Systems, Inc.) testified in May 1994:

When U.S. industry foregoes the opportunity 
to produce products that integrate good security 
practices, such as cryptography, into their prod- 
ucts because they cannot export those products 
to their overseas markets, U.S. users (individu- 
als, companies, and government agencies) are 
denied access to the basic tools they need to pro- 
tect their own sensitive information. 

The U.S. government does not have the au- 
thority to regulate the use of cryptography with- 
in this country. But if through strict control of 
exports they can deter industry from building 
products that effectively employ cryptography, 
then they have achieved a very effective form of 
internal use control. 47 

The remainder of this chapter examines:

■ The policy framework within which federal agencies formulate and implement their information-security and privacy policies and guidelines. This establishes computer-security and information-security standards-setting authority through the Brooks Act of 1965 and the Computer Security Act of 1987. Special attention is given to the history and implementation of the Computer Security Act, because these are fundamental to understanding current issues related to federal cryptographic standards used to safeguard unclassified information.

■ The export control regime that seeks to control proliferation of cryptography. This regime affects the competitiveness of U.S. companies that seek to create or incorporate safeguards based on cryptography and, therefore, affects the supply and use of these safeguards.

■ The ongoing information-security research and federal standards activities of NIST and NSA. The Computer Security Act of 1987 was designed to balance national security and other national objectives, giving NIST the lead in setting security standards and guidelines for unclassified information and defining NSA's role as technical advisor to NIST. However, events subsequent to the act have not convincingly demonstrated NIST's leadership in this area. 48

GUIDANCE ON SAFEGUARDING 
INFORMATION IN FEDERAL AGENCIES 

Statutory guidance on safeguarding informa- 
tion provides a policy framework — in terms of 
technical and institutional requirements and man- 
agerial responsibilities — for government in- 
formation and information-system security. 



46 Arielle Emmett, "Applications Drive Federal TCP/IP Use," Federal Computer Week, May 9, 1994, pp. 22-23.

47 Walker testimony, op. cit., footnote 37, p. 26.

48 See also U.S. General Accounting Office, Communications Privacy: Federal Policy and Actions, GAO/OSI-94-2 (Washington, DC: U.S. Government Printing Office, November 1993).
Overlaid on this are statutory privacy requirements that set forth policies concerning the dissemination and use of certain types of information about individuals. Within this framework, and subject to their own specific statutory requirements, federal agencies and departments develop their policies and guidelines, in order to meet individual and government-wide security and privacy objectives (see box 4-5).

Information security in the broadest sense is 
fundamental to privacy protection, because con- 
scientious use of appropriate technical and institu- 
tional information safeguards can help achieve 
privacy goals. The Privacy Act of 1974 set forth 
data collection, confidentiality, procedural, and 
accountability requirements federal agencies 
must meet to prevent unlawful invasions of per- 
sonal privacy, and provides remedies for noncom- 
pliance. It does not mandate use of specific 
technological measures to accomplish these re- 
quirements. Other statutes set forth information 
confidentiality and integrity requirements for spe- 
cific agencies, such as the Internal Revenue Ser- 
vice, Bureau of the Census, and so forth. (Issues 
related to the Privacy Act, and other, international 
privacy issues are discussed in chapter 3.) 

This section spotlights three key developments 
in the evolution of the overall statutory and regu- 
latory framework within which federal agencies 
formulate their information-security and privacy 
policies and guidelines, and then select and de- 
ploy safeguard technologies to implement them: 

1. The Brooks Act of 1965 made the Commerce Department the focal point for promulgation of government "automatic data processing" (i.e., computer and information-system) standards and authorized Commerce to conduct a research program to support standards development and assist federal agencies in implementing these standards. These responsibilities were carried out by the National Bureau of Standards (NBS, now NIST).

2. The Paperwork Reduction Act of 1980 as- 
signed the Office of Management and Budget 
(OMB) responsibilities for maintaining a com- 
prehensive set of information resources man- 
agement policies and for promoting the use of 
information technology to improve the use and 
dissemination of information by federal agen- 
cies. OMB Circular A-130 (Management of 
Federal Information Resources) was originally 
issued in 1985 to fulfill these and other statuto- 
ry requirements (including the Privacy Act). 

3. The Computer Security Act of 1987 affirmed 
and expanded the computer-security research 
and standards responsibilities of NBS and gave 
it the responsibility for developing computer 
system security training programs and for com- 
menting on agency computer system security 
plans. The U.S. General Accounting Office 
(GAO) has audited agencies' progress in im- 
plementing the security controls mandated by 
the Computer Security Act of 1987. 49 

Special emphasis is given to the Computer Security Act in this chapter, because it is fundamental to the development of federal standards for safeguarding unclassified information, to the balance between national-security and other objectives in implementing security and privacy policies within the federal government, and to issues concerning government control of cryptography. Moreover, review of the controversies and debate surrounding the Computer Security Act — and subsequent controversies over its implementation — provide background for understanding the current issues concerning Federal Information Processing Standards, such as the EES and DSS.

49 See the following GAO reports: Computer Security: Governmentwide Planning Process Had Limited Impact, GAO/IMTEC-90-48 (Washington, DC: U.S. Government Printing Office, May 10, 1990); Computer Security: Compliance with Security Plan Requirements of the Computer Security Act, GAO/IMTEC-89-55, June 21, 1989; Compliance with Training Requirements of the Computer Security Act of 1987, GAO/IMTEC-89-16BR, Feb. 22, 1989; and Computer Security: Status of Compliance with the Computer Security Act of 1987, GAO/IMTEC-88-61BR, Sept. 22, 1988.

BOX 4-5: What Are Federal-Agency Concerns?

As part of this study, the Office of Technology Assessment held workshops on federal-agency issues related to information security and privacy in network environments. Participants came from a variety of agencies and had a variety of responsibilities and interests with respect to information privacy and security. Their concerns, comments, and topics of interest included the following:

Network Environments Require Changes

■ The decentralized nature of Internet development has advantages and disadvantages. We aren't fixing on a technology too soon, and it's flexible, but having "no one in charge" means that responsibility for safeguards is decentralized, too. Unfortunately, sometimes responsibility is more decentralized than authority, and agency managers don't have the authority they need to ensure good technology and practices.

■ Going from the Internet to the prospect of truly global networks, how could we ever have centralized control? How do we develop appropriate safeguards, legal sanctions, penalties when information flows across borders, jurisdictions?

■ At the agency level, the move away from mainframes into the distributed environment distributes responsibility for security and privacy to all users. This can be a problem without attention to policies, procedures, and training.

■ There is a distinction between appropriate security for the network itself ("essential services" to ensure continuity of service, protection of passwords, etc.) and appropriate user choices of security "at the ends" for applications, data storage, etc. The latter are the responsibility of the "reasonable user" who must decide what security investments to make based on cost, value of information resources, etc. Nevertheless, it's often hard to cost-justify security, especially in times of tight budgets and/or no direct experience with security problems.

■ Safeguard choices must be based on standards of due diligence and due care for information providers, custodians, users. Maintaining accountability and determining responsibilities of secondary users in distributed environments are crucial — we have to deal with a continuum of ownership, confidentiality requirements, etc.

■ Federal standards development often lags agency needs, so agencies wind up having to support several technologies in order to operate and communicate with the private sector and each other. What is needed is proactive, rather than reactive, standards and guidance.

■ Export controls on cryptographic products cause complications for federal agencies that need to network with industry partners in cooperative research and development agreements when these partners are global organizations, or need to communicate with private-sector organizations, vendors, suppliers, etc. Cryptographic safeguards can also introduce other complications in networking — they are designed to prevent "workarounds," so interoperability problems are harder to fix.

■ The lack of a government-wide security classification scheme will make it harder to determine appropriate levels of security when information is shared and used on an interagency basis.

(continued)



The Brooks Act

The Brooks Act of 1965 (Public Law 89-306) was enacted to "provide for the economic and efficient purchase, lease, maintenance, operation, and utilization of automatic data processing [ADP] equipment by federal departments and agencies." The Brooks Act gives the General Services Administration (GSA) central purchasing and oversight authority over federal ADP and telecommunications equipment. The GSA Administrator may delegate purchasing authority to individual agencies for reasons of economy or operational efficiency, or when delegation is essential to national defense or national security. 50 Delegations of procurement authority for agency information systems and/or large purchases of particular computers have become increasingly common over the years, and GSA schedules have been established for commodity purchases of microcomputers, peripherals, packaged software and the like. GSA, however, always retains central authority under the act and does centralized procurements, as in establishing the Federal Telephone System contract. Section 111(c) of the act requires agencies to report annually to Congress and to the Office of Management and Budget (formerly the Bureau of the Budget) on ADP equipment inventories, acquisitions, and utilization, as well as ADP expenditures.

BOX 4-5 (cont'd): What Are Federal-Agency Concerns?

Users Make Safeguards Work — or Not Work

■ We need to make training and awareness continuing and more effective — how can we better motivate users to understand and comply with privacy and security requirements?

■ Do we need to make security "transparent and easy" for users in order to encourage compliance? Are rewards better incentives than punishments?

■ In decentralized environments, can fostering personal ethics and responsibility as bases for effective security and proper treatment of personal information be more effective than relying on sanctions or waiting for technology to "do it all"?

Multiple Objectives Must Be Balanced

■ Measures to ensure confidentiality and control access (including copyright mechanisms) must be balanced with the right of the public to have unfettered access to certain types of information.

■ We have to develop an equitable way of compensating copyright holders while preserving what we have now in terms of fair use, acceptable library practices, etc. What is the business process that develops public access with fair compensation and preservation of fair use, particularly when products are being licensed, not sold?

■ We need a way to develop a "public voice" in privacy and security policy development. Who is being included in the policy debate, and how can we build advocates for the citizen into the process?

■ With respect to privacy — should there be a right to see files about yourself held in the private sector or by government? To correct them (e.g., Fair Credit Reporting Act)? Going to the courts is costly — are administrative sanctions more equitable for the "little guy"?

SOURCE: Office of Technology Assessment workshops, October and December 1994.

A provision of the Brooks Act that is fundamental to unclassified information-system security is the authorization of the Secretary of Commerce:

1. to provide GSA and other agencies with scientific and technological advisory services relating to automatic data processing and related systems, and

2. to make appropriate recommendations to the President relating to the establishment of uniform federal automated data processing standards. 51

50 The Warner Amendment (Public Law 97-86) exempted certain types of Department of Defense procurements from the Brooks Act.

This section also authorizes the Secretary of Com- 
merce to "undertake the necessary research in the 
sciences and technologies of automatic data proc- 
essing and related systems, as may be required un- 
der the provisions of this subsection." 

Thus, the Brooks Act established the computer-systems research programs and standards development conducted by the National Bureau of Standards, now the National Institute of Standards and Technology. NBS established its program in computer and communications security in 1973, under authority of the Brooks Act; the agency was already developing performance standards for government computers. This security program led to the adoption of the Data Encryption Standard as a Federal Information Processing Standard for use in safeguarding unclassified information. 52

The security responsibilities of what is now NIST's Computer Systems Laboratory (CSL) were affirmed and extended by the Computer Security Act of 1987. CSL has been responsible for developing standards, providing technical assistance, and conducting research for computers and related systems; it also provides technical support to civil agencies and industry. CSL and its predecessors have published dozens of FIPS and guidelines 53 on information-systems operations and security, most recently the controversial Escrowed Encryption Standard (FIPS Publication 185, 1994) and Digital Signature Standard (FIPS Publication 186, 1994).

Under authority of the Brooks Act as amended, NIST participates in the activities of voluntary standards organizations such as the American National Standards Institute and the International Organization for Standardization. For a more detailed history of the National Institute of Standards and Technology's computer security program and the evolution of the DES, including the role of the National Security Agency, see the OTA's 1987 report, Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information. 54 The Computer Security Act of 1987 and NIST's responsibilities under the act are discussed later in this chapter.

The NIST director has indicated an intention of 
creating a new Information Technology Laboratory, 
based on the current Computer Systems Laborato- 
ry and the NIST Computing and Applied Mathe- 
matics Laboratory. The rationale for this would be 
to improve NIST's capabilities in the underlying 
technologies and enable NIST to be more respon- 
sive to the needs of industry and government with 
respect to the information infrastructure. 55 



51 Public Law 89-306, sec. 111(f).

52 Following some debate concerning its robustness against attack, given current technologies, the DES was recently recertified (until 1998) in hardware and — for the first time — in software implementations. The DES uses a symmetric encryption algorithm. It has been the basis of numerous other federal, national, and international standards and is in wide use to ensure information confidentiality via encryption (e.g., NIST, op. cit., footnote 14) and integrity via message authentication (e.g., NIST, "Computer Data Authentication," FIPS PUB 113 (Gaithersburg, MD: U.S. Department of Commerce, May 30, 1985)).

53 In addition to the DES, these standards include, for example, NIST, "Guidelines for Automatic Data Processing Physical Security and Risk Management," FIPS PUB 31, June 1974; "Guideline for Automatic Data Processing Risk Analysis," FIPS PUB 65, Aug. 1, 1979; "Guidelines for Security of Computer Applications," FIPS PUB 73, June 30, 1980; "DES Modes of Operation," FIPS PUB 81, Dec. 2, 1980; "Computer Data Authentication," op. cit., footnote 52; "Key Management Using ANSI X9.17," op. cit., footnote 15; "Secure Hash Standard," FIPS PUB 180, May 11, 1993; "Automated Password Generator," FIPS PUB 181, Oct. 5, 1993; and "Security Requirements for Cryptographic Modules," FIPS PUB 140-1, Jan. 11, 1994. All the FIPS publications are published by the Department of Commerce, Gaithersburg, MD.

54 OTA, op. cit., footnote 1. Chapter 4 and appendix C of the 1987 report describe the DES; appendix D discusses use of the DES algorithm and others for message authentication and digital signatures. (Note: As of 1994, software implementations of the DES comply with the federal standard.)

55 Arati Prabhakar, Director, NIST, personal communication, May 12, 1994; NIST public affairs division, June 6, 1994.
The Paperwork Reduction Act and OMB Circular A-130

The Paperwork Reduction Act of 1980 (Public Law 96-511) gave agencies a broad mandate to perform their information-management activities in an efficient, effective, and economical manner. The Office of Management and Budget was given authority for:

1. developing and implementing uniform and 
consistent information resource management 
policies; 

2. overseeing the development of and promoting 
the use of government information manage- 
ment principles, standards, and guidelines; 

3. evaluating the adequacy and efficiency of 
agency information management practices; and 

4. determining whether these practices comply 
with the policies, principles, standards, and 
guidelines promulgated by the director of 
OMB. 

The original OMB Circular A-130, The Management of Federal Information Resources, 56 was issued in 1985 to fulfill these and other statutory responsibilities, including requirements of the Privacy Act (see chapter 3). It revised and consolidated policies and procedures from several other OMB directives, which were rescinded. Appendix III of the circular addressed the "Security of Federal Automated Information Systems." Its purpose was to establish a minimal set of controls to be included in federal information systems security programs, assign responsibilities for the security of agency information systems, and clarify the relationship between these agency controls and security programs and the requirements of OMB Circular A-123 (Internal Control Systems). 57 The appendix also incorporated responsibilities from applicable national security directives. Federal agencies can obtain services from GSA on a reimbursable basis, in support of the risk analysis and security audit requirements of Circular A-130; GSA also provides a number of information-system security documents.

The security appendix of OMB Circular A-130 assigned the Commerce Department responsibility for developing and issuing standards and guidelines for the security of federal information systems, for establishing standards "approved in accordance with applicable national security directives," for systems used to process information that was national-security sensitive (but not classified), and for providing technical support to agencies in implementing these standards and guidelines. The Defense Department was to act as the executive agent of the government for the security of telecommunications and information systems that process information, "the loss of which could adversely affect the national security interest" (i.e., including information that was unclassified but was considered "sensitive"), and was to provide technical material and assistance to federal agencies concerning the security of telecommunications and information systems. These responsibilities later shifted (see below) in accordance with the Computer Security Act of 1987 and National Security Directive 42, with the leadership responsibilities of the Commerce and Defense Departments set according to whether the information domain was outside or within the area of "national security." 58

56 Federal Register, vol. 50, Dec. 24, 1985, pp. 52730-52751.

57 For applications security, agencies were required to establish management control processes to ensure appropriate security measures were implemented; agency officials were required to test security safeguards and certify they met all applicable federal requirements and standards; and agencies were required to develop and assign responsibilities for contingency plans. In the area of personnel security, agencies were required to establish screening procedures commensurate with the nature of the information to be handled and the potential risks and damages. Regarding installation security, agencies were required to assign responsibility for security and to conduct periodic risk analyses and establish disaster recovery and continuity plans. Agencies were also required to include all appropriate security requirements in procurement specifications for information technology equipment, software, and services. Finally, agencies were required to establish a security awareness and training program.

OMB Circular A-130 was revised in 1993, but the revised version of the security appendix was not available as this report went to press. Appendix III ("Security of Federal Automated Information Systems") was being revised to incorporate the Computer Security Act of 1987 requirements for security plans described in OMB Bulletin 90-08. According to OMB, these revisions will incorporate changes based on the experience gained in visits to major agencies, and OMB will work with NIST to incorporate recommendations regarding better coordination between Circular A-130 — Revised and OMB Circular A-123. 59 With respect to safeguarding information, Circular A-130 — Revised (1993) generally provides that agencies shall:

1. ensure that information is protected commensurate with the risk and magnitude of the harm that would result from the loss, misuse, or unauthorized access to or modification of such information;

2. limit the collection of information that identifies individuals only to that which is legally authorized and necessary for the proper performance of agency functions;

3. limit the sharing of information that identifies 
individuals or contains proprietary information 
to that which is legally authorized, and impose 
appropriate conditions on use where a continu- 
ing obligation to ensure the confidentiality of 
the information exists; and 

4. provide individuals, upon request, access to re- 
cords maintained about them in Privacy Act 
systems of records, and permit them to amend 
those records that are in error, consistent with 
the provisions of the Privacy Act. 60 

The Computer Security Act of 1987

The Computer Security Act of 1987 (Public Law 
100-235) 61 was a legislative response to overlap- 
ping responsibilities for computer security among 
several federal agencies, heightened awareness of 
computer-security issues, and concern over how 
best to control information in computerized or 
networked form. The act established a federal 
government computer security program that 
would protect all sensitive, but unclassified in- 
formation in federal government computer sys- 
tems, as well as establish standards and guidelines 



58 The Computer Security Act of 1987 gave Commerce responsibility in information domains that contained information that was "sensitive" but not classified for national-security purposes. National Security Directive 42 ("National Policy for the Security of National Security [emphasis added] Telecommunications and Information Systems," July 5, 1990) established a National Security Telecommunications and Information Systems Security Committee (NSTISSC), made the Secretary of Defense the Executive Agent of the Government for National Security Telecommunications and Information Systems, and designated the Director of NSA as the National Manager for National Security Telecommunications and Information Systems.

59 Office of Management and Budget, "Revision of OMB Circular No. A-130" (Plans for Development of Other Topics), Federal Register, vol. 58, July 2, 1993.

60 Office of Management and Budget. Management of Federal Information Resources, Circular A- 130 — Revised. June 25. 1993. sec. 
8-a(9). The Secretary of Commerce is charged with developing and issuing FIPS and guidelines necessary to ensure the efficient and effective 
acquisition, management, and security of information technology. The Secretary of Defense is charged with developing, in consultation with 
the Administrator of General Services, uniform federal telecommunications standards and guidelines to ensure national security, emergency 
preparedness, and continuity of government (ibid., sec. 9-c,d). 

61 101 Stat. 1724. See legislative history in box 4-6. 
to facilitate such protection. 62 (For legislative history of the Computer Security Act of 1987, see box 4-6.)

Specifically, the Computer Security Act as- 
signs NBS (now NIST) responsibility for the de- 
velopment of government-wide computer-system 
security standards and guidelines, and training 
programs. The act also establishes a Computer 
System Security and Privacy Advisory Board 
within the Department of Commerce, and requires 
Commerce to promulgate regulations based on 
NIST guidelines. Additionally, the act requires 
federal agencies to identify computer systems 
containing sensitive information, to develop secu- 
rity plans for identified systems, and to provide 
computer security training for all employees using 
or managing federal computer systems. (The 
Computer Security Act, as well as a memorandum 
of understanding (MOU) between NIST and NSA 
and subsequent letters of clarification, is con- 
tained in appendix B of this report.) 

Congressional concerns and public awareness created a climate conducive to passage of the Computer Security Act of 1987. Highly publicized incidents of unauthorized users, or "hackers," gaining access to computer systems and a growing realization of the government's dependence on information technologies renewed national interest in computer security in the early 1980s. 63

Disputes over how to control unclassified information also prompted passage of the act. The Reagan Administration had sought to give the National Security Agency much control over "sensitive, but unclassified" information, while the public — especially the academic, banking, and business communities — viewed NSA as an inappropriate agency for such responsibility. The Reagan Administration favored an expanded concept of national security. 64 This expanded concept was embodied in subsequent presidential policy directives (see below), which in turn expanded NSA's control over computer security. Questions regarding the role of NSA in security for unclassified information, the types of information requiring protection, and the general amount of security needed, all divided the Reagan Administration and the scientific community in the 1980s. 65

Agency Responsibilities Before the Act 

Some level of federal computer-security responsibility rests with the Office of Management and Budget, the General Services Administration, and the Commerce Department (specifically NIST and the National Telecommunications and Information Administration (NTIA)). OMB maintains overall responsibility for computer security policy. 66 GSA issues regulations for physical security of computer facilities and oversees technological and fiscal specifications for security hardware and software. 67 In addition to its other responsibilities, NSA traditionally has been responsible for security of information that is classified for national-security purposes, including Department of Defense information. 68 Under the Brooks Act, the Department of Commerce develops the Federal Information Processing Standards that provide specific codes, languages, procedures, and techniques for use by federal information systems managers. 69 NTIA serves as the Executive Branch developer of federal telecommunications policy. 70

62 The act was "[t]o provide for a computer standards program within the National Bureau of Standards, to provide for government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of federal computer systems, and for other purposes" (ibid.). The National Bureau of Standards is now the National Institute of Standards and Technology.

63 U.S. Congress, Office of Technology Assessment, Federal Government Information Technology: Management, Security and Congressional Oversight, OTA-CIT-297 (Washington, DC: U.S. Government Printing Office, February 1986), pp. 64-65.

64 See, e.g., Harold Relyea, Silencing Science: National Security Controls and Scientific Communication (Norwood, NJ: Ablex, 1994); and OTA, op. cit., footnote 1, ch. 6 and ch. 7.

65 See, e.g., John T. Soma and Elizabeth J. Bedient, "Computer Security and the Protection of Sensitive but Not Classified Data: The Computer Security Act of 1987," 30 Air Force Law Review 135 (1989).

BOX 4-6: Computer Security Act of 1987 Legislative History

■ In 1985, Representative Dan Glickman introduced the Computer Security and Training Act of 1985 (H.R. 2889). H.R. 2889 included provisions to establish a computer security research program within the National Bureau of Standards (now the National Institute of Standards and Technology) and to require federal agencies to train their employees and contractor personnel in computer security techniques, with the intent of establishing NBS as the developer of training guidelines for federal employees who manage, operate, or use automated information processing systems that do not include classified information. 1 Congressional hearings were held on the bill, and at the end of the 99th Congress it reached the House floor and was brought up under a suspension of the rules, but failed to obtain the two-thirds vote required and went no further. 2 In 1987, Representative Glickman, on behalf of himself and seven cosponsors, introduced H.R. 145, the Computer Security Act of 1987, based on the earlier H.R. 2889. The bill eventually had 11 cosponsors in the House.

Witnesses at hearings on H.R. 145 raised concerns over the implications of National Telecommunications and Information Systems Security Policy Directive No. 2, which proposed a new definition of "sensitive, but unclassified information." 3 This directive defined sensitive, but unclassified information as "information the disclosure, loss, misuse, alteration, or destruction of which could adversely affect national security or other federal government interests." 4 (The National Security Adviser rescinded this directive in 1987, in response to H.R. 145. 5 ) Witnesses at hearings on H.R. 145 warned that the National Security Agency could apply the "sensitive but unclassified" categorization to commercial databanks providing information on federal government laws and policies. 6 Opponents to NSA's role in computer security also expressed concern that NSA was the agency responsible for determining federal computer systems security policy, even for systems that did not contain classified information. 7 Witnesses reminded Congress that current statutes already protected proprietary and classified information and trade secrets; NSA's role in this area, therefore, was unnecessary and could lead to restrictions on access to information. 8

Congress's primary objective in enacting the Computer Security Act of 1987 was to protect information in federal computer systems from unauthorized use. 9 The act set forth a clear definition of sensitive information to ease some of the concern that led to the act's passage. 10 The legislative history assures that the definition of sensitive information was set forth in the Computer Security Act to guide NBS in determining what kinds of information should be addressed in its standards development process; the definition was not provided to authorize the establishment of a new quasi-classification of information. 11

The act's legislative history clearly indicates that it was passed with the purpose of rejecting the federal computer security plan of National Security Decision Directive 145 (NSDD-145). 12 As expressed by Senator Patrick Leahy during consideration of the Act, "[NSDD-145] signaled a dramatic shift in the management of government information protection from civilian authority to military authority. It has set the government on a course that has served neither the needs of national security nor the interests of the American people." 13 The Computer Security Act was intended to change the direction of this course and delegate control of unclassified information security to the appropriate civilian agency, NBS.

While Congress clearly intended NSA to have an advisory role in all federal computer security, NBS was to have the primary role in security for unclassified information: "The bill appropriately divides responsibility for developing computer security standards between the National Bureau of Standards [now NIST] and the National Security Agency. NSA will provide guidelines for computer systems which handle classified information and NBS will provide guidelines for those which handle unclassified but sensitive information." 14

Office of Management and Budget Director Jim Miller stated that "it is the [Reagan] Administration's position that NBS, in developing Federal standards for the security of computers, shall draw upon technical security guidelines developed by NSA in so far as they are available and consistent with the requirements of civil departments and agencies to protect data processed in their systems. When developing technical security guidelines, NSA will consult with NBS to determine how its efforts can best support such requirements . . . In this regard the technical security guidelines provided by NSA to NBS will be treated as advisory and subject to appropriate NBS review." 15 During consideration of the act, Senator Leahy said he believed that Miller's assertion continued to be the [Reagan] Administration's position and that the act would appropriately legislate such a relationship. 16 (See discussion of implementation of the Computer Security Act of 1987 and the NIST/NSA Memorandum of Understanding later in this chapter.)

Congressional Reports

■ House Report 99-753 on H.R. 2889, "Computer Security Act of 1986," Aug. 6, 1986.

■ House Report 100-153 on H.R. 145, "Computer Security Act of 1987," June 11, 1987.

Hearings

■ House of Representatives, Committee on Science, Space, and Technology, Subcommittee on Transportation, Aviation, and Materials, Computer and Communications Security and Privacy, hearing, Sept. 24, 1984.

■ House of Representatives, Committee on Science, Space, and Technology, Subcommittee on Transportation, Aviation, and Materials, Computer Security Policies, hearing, June 27, 1985.

■ House of Representatives, Committee on Government Operations, Subcommittee on Legislation and National Security, Computer Security Research and Training Act of 1985, hearing, Sept. 18, 1985.

■ House of Representatives, Committee on Government Operations, Subcommittee on Government Information, Justice, and Agriculture, Electronic Collection and Dissemination of Information by Federal Agencies, hearings, Apr. 29, June 26, and Oct. 18, 1985.

■ House of Representatives, Committee on Science, Space, and Technology, Subcommittee on Transportation, Aviation, and Materials, Federal Government Computer Security, hearings, Oct. 29, 30, 1985.

■ House Report 96-1540, "Government's Classification of Private Ideas," Dec. 22, 1980.

■ House of Representatives, Committee on Government Operations, Subcommittee on Legislation and National Security, Computer Security Act of 1987, hearings, Feb. 25, 26, Mar. 17, 1987.

■ House of Representatives, Committee on Science, Space, and Technology, Subcommittee on Science, Research, and Technology and Subcommittee on Transportation, Aviation, and Materials, Computer Security Act of 1987, hearing, Feb. 26, 1987.

■ House of Representatives, Committee on Science, Space, and Technology, Subcommittee on Transportation, Aviation, and Materials, GAO Survey, "Federal Government Computer Security," hearing, May 19, 1987.

1 H.R. 2889, 99th Cong. (1985). See also U.S. Congress, House of Representatives, Computer Security Act of 1987—Report to Accompany H.R. 145, H. Rept. 100-153, 100th Cong., 1st Sess., Parts I and II (Washington, DC: U.S. Government Printing Office, 1987), Part I, p. 8.

2 H. Rept. 100-153, op. cit., footnote 1, Part I, p. 8.

3 "National Policy on Protection of Sensitive, but Unclassified Information in Federal Government Telecommunications and Automated Information Systems," National Telecommunications and Information Systems Security Policy Directive No. 2, Oct. 29, 1986. This directive was usually referred to as NTISSP No. 2.

4 Ibid., p. 2.

5 H. Rept. No. 100-153, op. cit., footnote 1, Part I, p. 8.

6 Computer Security Act of 1987: Hearings on H.R. 145 Before the Subcommittee on Legislation and National Security of the House Committee on Government Operations, 100th Cong., 1st Sess., Feb. 25, 26 and Mar. 17, 1987.

7 Hearings, Committee on Government Operations, op. cit., footnote 6, p. 1.

8 See Computer Security Act of 1987: Hearings on H.R. 145 Before the Subcommittee on Science, Research, and Technology and the Subcommittee on Transportation, Aviation, and Materials of the House Committee on Science, Space and Technology, 100th Cong., 1st Sess., Feb. 26 and May 19, 1987.

9 H. Rept. 100-153, op. cit., footnote 1, Part I, p. 23.

10 Computer Security Act of 1987 (Public Law 100-235), sec. 3. Sensitive information was defined as "any information the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under [the Privacy Act], but which has not been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy" (ibid.).

11 H. Rept. 100-153, op. cit., footnote 1, Part I, p. 4.

12 Congressional Record, Dec. 21, 1987, p. 37679.

13 Ibid.

14 Ibid., p. 37680 (remarks of Senator William V. Roth, Jr.).

15 H. Rept. 100-153, op. cit., footnote 1, Part I, p. 41 (letter to Chairman Roe); ibid., Part II, p. 37 (letter to Chairman Brooks).

16 Congressional Record, Dec. 21, 1987, pp. 37679-80.

SOURCE: Office of Technology Assessment, 1994, and cited sources.

These overlapping agency responsibilities hindered the development of one uniform federal policy regarding the security of unclassified information, particularly because computer security and communications security historically have developed separately. 71 In 1978, OMB had issued Transmittal Memorandum No. 1 (TM-1) to its Circular A-71, which addressed the management of federal information technology. 72 TM-1 required federal agencies to implement computer security programs, but a 1982 GAO report concluded that Circular A-71 (and its TM-1) had failed to:

1. provide clear guidance to agencies on minimum safeguard requirements,

2. clarify the relationship between national-security information security and other types of information security, and

3. provide guidance on general telecommunications security. 73

66 U.S. Congress, House of Representatives, Committee on Science, Space, and Technology, Computer Security Act of 1987—Report to Accompany H.R. 145, H. Rept. 100-153, Part I, 100th Cong., 1st sess., June 11, 1987 (Washington, DC: U.S. Government Printing Office, 1987), p. 7.

67 Ibid.

68 Ibid.

69 Ibid. The FIPS apply only to federal agencies, but some, like the DES, have been adopted in voluntary standards and are used in the private sector. The FIPS are developed by NIST and approved by the Secretary of Commerce.

70 Ibid.

Chapter 4 Government Policies and Cryptographic Safeguards | 143

Executive orders in the 1980s, specifically the September 1984 National Security Decision Directive 145, National Policy on Telecommunications and Automated Information Systems Security (NSDD-145), 74 created significant shifts and overlaps in agency responsibilities. Resolving these was an important objective of the Computer Security Act. NSDD-145 addressed safeguards for federal systems that process or communicate unclassified, but "sensitive," information. NSDD-145 established a Systems Security Steering Group to oversee the directive and its implementation, and an interagency National Telecommunications and Information Systems Security Committee (NTISSC) to guide implementation under the direction of the steering group. 75

Expanded NSA Responsibilities Under NSDD-145

In 1980, Executive Order 12333 had designated the Secretary of Defense as Executive Agent of the Government for Communications Security. NSDD-145 expanded this role to encompass telecommunications and information systems security and responsibility for implementing policies developed by NTISSC. The Director of NSA was designated National Manager for Telecommunications and Automated Information Systems Security. The national manager was to implement the Secretary of Defense's responsibilities under NSDD-145. As a result, NSA was charged with examining government information and telecommunications systems to evaluate their vulnerabilities, as well as with reviewing and approving all standards, techniques, systems, and equipment for telecommunications and information systems security.

In 1985, the Office of Management and Budget (OMB) issued another circular concerning computer security. This OMB Circular A-130, Management of Federal Information Resources, revised and superseded Circular A-71 (see previous section). OMB Circular A-130 defined security, encouraged agencies to consider information security essential to internal control reviews, and clarified the definition of "sensitive" information to include information "whose improper use or disclosure could adversely affect the ability of an agency to accomplish its mission . . . ." 76

71 Jelen, op. cit., footnote 34, pp. 1-6 to 1-17. Jelen explains that computer security and communications security are interdependent and inseparable because computers and telecommunications themselves converged (ibid., p. 1-7).

72 Office of Management and Budget, Transmittal Memorandum No. 1 to OMB Circular A-71, 1978.

73 U.S. General Accounting Office, Federal Information Systems Remain Highly Vulnerable to Fraudulent, Wasteful, Abusive, and Illegal Practices (Washington, DC: U.S. Government Printing Office, 1982).

74 NSDD-145 is classified. An unclassified version was used as the basis for this discussion.

75 This is now the National Security Telecommunications and Information Systems Security Committee, or NSTISSC. See footnote 58.

In 1986, presidential National Security Adviser John Poindexter 77 issued National Telecommunications and Information Systems Security Policy Directive No. 2 (NTISSP No. 2). NTISSP No. 2 proposed a new definition of "sensitive but unclassified information." It potentially could have restricted access to information that previously had been available to the public. Specifically, "sensitive but unclassified information," within the meaning set forth in the directive, included not only information which, if revealed, could adversely affect national security, but also information that could adversely affect "other federal government interests" if released. Other federal government interests included economic, financial, technological, industrial, agricultural, and law enforcement interests.

Such an inclusive directive sparked enormous, negative public response. As the Deputy Director of NBS stated during 1987 hearings on the Computer Security Act, the NTISSP No. 2 definition of sensitive information was a "totally inclusionary definition. . . [t]here is no data that anyone would spend money on that is not covered by that definition." 78 Opponents of NSDD-145 and NTISSP No. 2 argued that NSA should not have control over federal computer security systems that did not contain classified information. 79 The business community, in particular, expressed concern about NSA's ability and suitability to meet the private sector's needs and hesitated to adopt NSA's encryption technology in lieu of the DES. At the time, the DES was up for recertification. 80 In the House Report accompanying H.R. 145, the Committee on Science, Space and Technology noted that:

NSDD-145 can be interpreted to give the national security community too great a role in setting computer security standards for civil agencies. Although the [Reagan] Administration has indicated its intention to address this issue, the Committee felt it is important to pursue a legislative remedy to establish a civilian authority to develop standards relating to sensitive, but unclassified data. 81

In its explanation of the bill, the committee also noted that:

One reason for the assignment of responsibility to NBS for developing federal computer system security standards and guidelines for sensitive information derives from the committee's concern about the implementation of National Security Decision Directive-145.

. . . While supporting the need for a focal point to deal with the government computer security problem, the Committee is concerned about the perception that the NTISSC favors military and intelligence agencies. It is also concerned about how broadly NTISSC might interpret its authority over "other sensitive national security information." For this reason, H.R. 145 creates a civilian counterpart, within NBS, for setting policy with regard to unclassified information. . . . NBS is required to work closely with other agencies and institutions such as NSA, both to avoid duplication and to assure that its standards and guidelines are consistent and compatible with standards and guidelines developed for classified systems; but the final authority for developing the standards and guidelines for sensitive information rests with the NBS. 82

76 Office of Management and Budget, OMB Circular A-130 (1985). As this report went to press, the computer security sections of A-130 were still being revised but were expected to issue in 1994. The other sections of A-130 have been revised and were issued in 1993.

77 Adm. Poindexter was also chairman of the NSDD-145 Systems Security Steering Group (NSDD-145, sec. 4).

78 Raymond Kammer, Deputy Director, National Bureau of Standards, testimony, Computer Security Act of 1987: Hearings on H.R. 145 Before the Subcommittee on Legislation and National Security of the House Committee on Government Operations, 100th Cong., 1st Sess., Feb. 26, 1987. See also H. Rept. 100-153, Part I, op. cit., footnote 66, p. 18.

79 See U.S. Congress, House of Representatives, Committee on Science, Space and Technology, Computer Security Act of 1987: Hearings on H.R. 145 Before the Subcommittee on Science, Research, and Technology and the Subcommittee on Transportation, Aviation, and Materials of the House Committee on Science, Space, and Technology, 100th Cong., 1st sess. (Washington, DC: U.S. Government Printing Office, 1987), pp. 146-191.

80 For history, see OTA, op. cit., footnote 1, pp. 102-108. Despite NSA's desire to replace the DES with a family of cryptographic modules using classified algorithms, it was reaffirmed in 1988.

81 H. Rept. 100-153, Part I, op. cit., footnote 66, p. 22.

In its report on H.R. 145, the Committee on Government Operations explicitly noted that the bill was "neutral" with respect to public disclosure of information and was not to be used by agencies to exercise control over privately owned information, public domain information, or information disclosable under the Freedom of Information Act or other laws. 83 Furthermore, the committee noted that H.R. 145 was developed in large part to ensure the delicate balance between "the need to protect national security and the need to pursue the promise that the intellectual genius of America offers us." 84 The committee also noted that:

Since it is a natural tendency of DOD to restrict access to information through the classification process, it would be almost impossible for the Department to strike an objective balance between the need to safeguard information and the need to maintain the free exchange of information. 85

Subsequent to the Computer Security Act of 1987, DOD's responsibilities under NSDD-145 were aligned by National Security Directive 42 (NSD 42) to cover "national security" telecommunications and information systems. 86 NSD 42 established the National Security Telecommunications and Information Systems Security Committee (NSTISSC), made the Secretary of Defense the Executive Agent of the Government for National Security Telecommunications and Information Systems, and designated the Director of NSA the National Manager for National Security Telecommunications and Information Systems. 87 As such, the NSA director is to coordinate with NIST in accordance with the Computer Security Act of 1987. NSD 42 does not rescind programs, such as those begun under NSDD-145, that pertain to national-security systems, but these are not construed as applying to systems within the purview of the Computer Security Act of 1987. 88

Agency Information-System Security Responsibilities Under the Act

Under the Computer Security Act of 1987, all federal agencies are required to identify computer systems containing sensitive information, and to develop security plans for identified systems. 89 The act also requires mandatory periodic training in computer security for all federal employees and contractors who manage or use federal computer systems. The Computer Security Act gives final authority to NIST [then NBS] for developing government-wide standards and guidelines for unclassified, sensitive information, and for developing government-wide training programs. In carrying out these responsibilities, NIST can draw upon the substantial expertise of NSA and other relevant agencies. Specifically, NIST is authorized to "coordinate closely with other agencies and offices" including NSA, OTA, DOD, the Department of Energy, GAO, and OMB. 90 This coordination is aimed at "assur[ing] maximum use of all existing and planned programs, materials, studies, and reports relating to computer systems security and privacy" and assuring that NIST's computer security standards are "consistent and compatible with standards and procedures developed for the protection of information in federal computer systems which is authorized under criteria established by Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy." 91 Additionally, the Computer Security Act authorizes NIST to "draw upon computer system technical security guidelines developed by [NSA] to the extent that [NIST] determines that such guidelines are consistent with the requirements for protecting sensitive information in federal computer systems." 92 The act expected that "[t]he method for promulgating federal computer system security standards and guidelines is the same as for non-security standards and guidelines." 93

82 Ibid., p. 26.

83 H. Rept. 100-153, Part II, op. cit., footnote 33, p. 30.

84 Ibid., p. 29.

85 Ibid., p. 29.

86 National Security Directive 42, op. cit., footnote 58. The National Security Council released an unclassified, partial text of NSD 42 to the Computer Professionals for Social Responsibility on Apr. 1, 1992, in response to Freedom of Information Act (FOIA) requests made in 1990.

87 NSD 42 (unclassified partial text), secs. 1-7.

88 Ibid., sec. 10.

89 Public Law 100-235, sec. 6.

90 Ibid., sec. 3(b)(6). NIST coordination with OTA in this regard generally consists of including OTA staff in external review of selected NIST reports.

91 Ibid.

92 Ibid.

The National Cryptologic Museum at Ft. George G. Meade, Maryland.

The intent of the act was that NSA not have the dominant role and to recognize the potential market impact of federal security standards:

. . . [I]n carrying out its responsibilities to develop standards and guidelines for protecting sensitive information in federal computer systems and to perform research, NBS [now NIST] is required to draw upon technical security guidelines developed by the NSA to the extent that NBS determines that NSA's guidelines are consistent with the requirements of civil agencies. The purpose of this language is to prevent unnecessary duplication and promote the highest degree of cooperation between these two agencies. NBS will treat NSA technical security guidelines as advisory, however, and, in cases where civil agency needs will best be served by standards that are not consistent with NSA guidelines, NBS may develop standards that best satisfy the agencies' needs.

It is important to note the computer security standards and guidelines developed pursuant to H.R. 145 are intended to protect sensitive information in Federal computer systems. Nevertheless, these standards and guidelines will strongly influence security measures implemented in the private sector. For this reason, NBS should consider the effect of its standards on the ability of U.S. computer system manufacturers to remain competitive in the international marketplace. 94

In its report accompanying H.R. 145, the Committee on Government Operations noted that:

While the Committee was considering H.R. 145, proposals were made to modify the bill to give NSA effective control over the computer standards program. The proposals would have charged NSA with the task of developing "technical guidelines," and forced NBS to use these guidelines in issuing standards.

Since work on technical security standards represents virtually all of the research effort being done today, NSA would take over virtually the entire computer standards from the National Bureau of Standards. By putting NSA in charge of developing technical security guidelines (software, hardware, communications), NBS would be left with the responsibility for only administrative and physical security measures — which have generally been done years ago. NBS, in effect, would on the surface be given the responsibility for the computer standards program with little to say about most of the program — the technical guidelines developed by NSA.

This would jeopardize the entire Federal standards program. The development of standards requires interaction with many segments of our society, i.e., government agencies, computer and communications industry, international organizations, etc. NBS has performed this kind of activity very well over the last 22 years [since enactment of the Brooks Act of 1965]. NSA, on the other hand, is unfamiliar with it. Further, NSA's products may not be useful to civilian agencies and, in that case, NBS would have no alternative but to issue standards based on these products or issue no standards at all. 95

The Committee on Government Operations also noted the concerns of industry and the research community regarding the effects of export controls and NSA involvement in private-sector activities, including restraint of innovation in cryptography resulting from reduced incentives for the private sector to invest in independent research, development, and production of products incorporating cryptography. 96

93 H. Rept. 100-153, Part I, op. cit., footnote 66, p. 26.

94 Ibid., p. 27.

95 H. Rept. 100-153, Part II, op. cit., footnote 33, pp. 25-26.

The Computer Security Act of 1987 established a Computer System Security and Privacy Advisory Board (CSSPAB) within the Department of Commerce:

The chief purpose of the Board is to assure that NBS receives qualified input from those likely to be affected by its standards and guidelines, both in government and the private sector. Specifically, the duties of the Board are to identify emerging managerial, technical, administrative and physical safeguard issues relative to computer systems security and privacy and to advise the NBS and the Secretary of Commerce on security and privacy issues pertaining to federal computer systems. 97

The Chair of the CSSPAB is appointed by the Secretary of Commerce. The board is required to report its findings relating to computer systems security and privacy to the Secretary of Commerce, the OMB Director, the NSA Director, the House Committee on Government Operations, and the Senate Committee on Governmental Affairs. 98

Implementation of the Computer Security Act has been controversial, particularly with respect to the roles of NIST and NSA in standards development. The two agencies developed a memorandum of understanding to clarify the working relationship, but this MOU has been controversial as well, because of concerns in Congress and elsewhere that its provisions cede NSA much more authority than the act had granted or envisioned. 99 The last section in this chapter examines implementation issues related to the MOU and the roles of NIST and NSA. (Chapter 2 examined additional implementation issues concerning the federal role in safeguarding information in the information infrastructure.)

Future Directions in Safeguarding 
Information in Federal Agencies 

Information resource management in the federal 
government is in need of general reform. Informa- 
tion technologies — properly used — have the po- 
tential not only to improve government 
information resource management, but also to im- 
prove the overall effectiveness and efficiency of 
government. 100 This requires that top manage- 
ment is informed and interested — information 
technology has all too often been viewed as a tool 
to make incremental improvements, rather than an 
integral part of operations. Compared with tradi- 
tional mainframe or paper-based methods, mod- 
ern databases and networking services provide 
opportunities to actually change the way that fed- 
eral agencies (as well as corporations and other or- 
ganizations) do business. 101 



96 Ibid., pp. 22-25 and 30-35. In 1986, NSA had announced a program to develop cryptographic modules that qualified communications 
manufacturers could embed in their products. NSA's development of these embeddable modules was part of NSA's Development Center for 
Embedded COMSEC Products. (NSA Press release for Development Center for Embedded COMSEC Products, Jan. 10, 1986.) 

97 H. Rept. 100-153, Part I, op. cit., footnote 66, pp. 27-28. 

98 Public Law 100-235, sec. 3. 

99 The manner in which NIST and NSA planned to execute their functions under the Computer Security Act of 1987, as evidenced by the 
MOU, was the subject of hearings in 1989. See U.S. Congress, House of Representatives, Subcommittee on Legislation and National Security, 
Committee on Government Operations, Military and Civilian Control of Computer Security Issues, 101st Cong., 1st sess., May 4, 1989 (Wash- 
ington, DC: U.S. Government Printing Office, 1989). The NIST-NSA working relationship has subsequently been raised as an issue, with regard 
to the EES and the DSS. 

100 See Committee on Applications and Technology, National Information Infrastructure Task Force, Putting the Information Infrastruc- 
ture to Work, NIST Special Publication 857 (Washington, DC: U.S. Government Printing Office, May 1994). 

Clear, strong leadership is vital to effective use 
of information technology. 102 Leadership and 
management commitment are also crucial in safe- 
guarding information. 103 Unfortunately, respon- 
sibility for information safeguards has often been 
disconnected from the rest of information man- 
agement, and from top management. Information 
safeguards have all too often been viewed as ex- 
pensive overhead, rather than a valuable form of 
insurance. Higher level agency managers are not 
necessarily unconcerned about protecting the or- 
ganization's assets, but are under constant pres- 
sure to trim budgets and personnel. Responsibility 
for information safeguards too often lies with 
computer security professionals who do not have 
the authority and resources they need. 

This disconnected responsibility is not limited 
to the federal government. Information safe- 
guards generally tend not to be addressed with the 
levels of attention they deserve, even in the private 
sector. One reason may be that the field of in- 
formation safeguards is relatively new and lacks 



the historical development and popular attention 
that exist in older fields, such as airplane or bridge 
safety. 104 Problems due to an absence or break- 
down of information safeguards can be underre- 
ported, or even kept completely secret. 
Information-security "disasters," "near misses," 
and compromises, like the 1988 Internet Worm 
and the 1994 "password sniffer" network monitor- 
ing incidents and intrusions into civilian and mili- 
tary computer systems, have only recently begun 
to receive popular attention. 105 

The Computer Security Act of 1987 requires all 
federal agencies to identify computer systems 
containing sensitive information, and to develop 
security plans for these systems. 106 The act also 
requires mandatory periodic training in computer 
security for all federal employees and contractors 
who manage, use, or operate federal computer 
systems. In its workshops and discussions with 
federal employees and knowledgeable outside ob- 
servers, OTA found that these provisions of the 
Computer Security Act are viewed as generally 



101 Reforming information resource management in the federal government to improve electronic delivery of services is discussed in U.S. 
Congress, Office of Technology Assessment, Making Government Work: Electronic Delivery of Federal Services, OTA-TCT-578 (Washington, 
DC: U.S. Government Printing Office, September 1993). See also Office of the Vice President, Reengineering Through Information Technology 
(Accompanying Report of the National Performance Review), September 1993 (released May 1994). 

102 See U.S. General Accounting Office, Executive Guide: Improving Mission Performance Through Strategic Information Management 
and Technology, GAO/AIMD-94-115 (Washington, DC: U.S. Government Printing Office, May 1994). See also Reengineering Through In- 
formation Technology, op. cit., footnote 101, ch. IT01. 

103 Ibid., ch. IT10. 

104 Computer models to simulate and test bridge and airplane designs have been used for decades. A sensational airplane or bridge disaster 
is also obvious, and ascertaining accountability is generally more straightforward. In contrast, networks are changing constantly. No good 
methodology exists to prove that a network is secure, or to simulate its operation under worst-case conditions. 

105 See Peter H. Lewis, "Hackers on Internet Posing Security Risks, Experts Say," The New York Times, July 21, 1994, pp. 1, B10. See also 
L. Dain Gary, Manager, Computer Emergency Response Team Operations, Carnegie Mellon University, testimony, Hearing on Internet Securi- 
ty, Subcommittee on Science, Committee on Science, Space, and Technology, U.S. House of Representatives, Mar. 22, 1994; and F. Lynn 
McNulty, NIST Associate Director for Computer Security, testimony, Hearing on Internet Security, Subcommittee on Science, Committee on 
Science, Space, and Technology, U.S. House of Representatives, Mar. 22, 1994. 

106 Public Law 100-235, sec. 6. 
adequate as written, but that their implementation 
can be problematic. 107 

During the course of this project, OTA found 
strong sentiment that agencies follow the rules set 
forth by the Computer Security Act, but not neces- 
sarily the full intent of the act. In practice, there are 
both insufficient incentives for compliance and 
insufficient sanctions for noncompliance with the 
spirit of the act — for example, agencies do devel- 
op the required security plans. However, the act 
does not require agencies to review them periodi- 
cally or update them as technologies or circum- 
stances change. One result of this is that 
"[s]ecurity of systems tends to atrophy over time 
unless there is a stimulus to remind agencies of its 
importance." 108 Another result is that agencies 
may not treat security as an integral component 
when new systems are being designed and devel- 
oped. 

OMB is responsible for developing and imple- 
menting government-wide policies for informa- 
tion resource management; for overseeing the 
development and promoting the use of govern- 
ment information-management principles, stan- 
dards, and guidelines; and for evaluating the 
adequacy and efficiency of agency information- 
management practices. Information-security 
managers in federal agencies must compete for re- 
sources and support to properly implement 
needed safeguards. In order for their efforts to 
succeed, both OMB and top agency management 
must fully support investments in cost-effective 
safeguards. Given the expected increase in inter- 



agency sharing of data, interagency coordination 
of privacy and security policies is also necessary 
to ensure uniformly adequate protection. 

The forthcoming revision of Appendix III 
("Agency Security Plans") of OMB Circular 
A-130 will be central to improved federal in- 
formation security practices. The revision of Ap- 
pendix III will take into account the provisions 
and intent of the Computer Security Act, as well as 
observations regarding agency security plans and 
practices that resulted from a series of agency visits 
made by OMB, NIST, and NSA in 1992. 109 Be- 
cause the revised Appendix III had not been issued 
at the time this report was written, OTA was un- 
able to gauge its potential for improving informa- 
tion security in federal agencies or its potential for 
making implementation of the Computer Security 
Act more effective. To the extent that the revised 
Appendix III facilitates more uniform treatment 
across federal agencies, it can also make fulfill- 
ment of Computer Security Act and Privacy Act 
requirements more effective when agencies share 
data (see chapter 3). 

U.S. EXPORT CONTROLS 
ON CRYPTOGRAPHY 

The United States has two regulatory regimes for 
exports, depending on whether the item to be ex- 
ported is military in nature, or is "dual-use," hav- 
ing both civilian and military uses. These regimes 
are administered by the State Department and the 
Commerce Department, respectively. Both re- 
gimes provide export controls on selected goods 
or technologies for reasons of national security or 
foreign policy. Licenses are required to export 
products, services, or scientific and technical 
data 110 originating in the United States, or to re- 
export these from another country. 



107 Some of the possible measures to improve implementation that were suggested during these discussions were: increasing resources for 
OMB to coordinate and oversee agency security plans and training; increasing resources for NIST and/or other agencies to advise and review 
agency security plans and training; setting aside part of agency budgets for information security (to be used for risk assessment, training, devel- 
opment, and so forth); and/or rating agencies according to the adequacy and effectiveness of their information-security policies and plans and 
withholding funds until performance meets predetermined accepted levels. (Discussions in OTA workshops and interviews, 1993-94.) 

108 Office of Management and Budget (in conjunction with NIST and NSA), Observations of Agency Computer Security Practices and 
Implementation of OMB Bulletin No. 90-08: Guidance for Preparation of Security Plans for Federal Computer Systems That Contain Sensitive 
Information, February 1993, p. 11. 

109 Ibid. According to OMB, NIST, and NSA, these visits were successful in raising agency managers' awareness of computer security and 
of its importance. The three agencies found that periodically focusing senior management attention on the value of computer security to agency 
operations and service delivery improves the effectiveness of agency computer security programs and can also result in increased resources 
and updated security policy directives (pp. 11-12). 

Licensing requirements vary according to the 
nature of the item to be exported, the end use, the 
end user, and, in some cases, the intended destina- 
tion. For many items, no specific approval is re- 
quired and a "general license" applies (e.g., when 
the item in question is not military or dual-use 
and/or is widely available from foreign sources). 
In other cases, an export license must be applied 
for from either the State Department or the Com- 
merce Department, depending on the nature of the 
item. In general, the State Department's licensing 
requirements are more stringent and broader in 
scope. 111 Licensing terms differ between the 
agencies, as do time frames and procedures for li- 
censing review, revocation, and appeal. 

State Department Export Controls 
on Cryptography 

The Arms Export Control Act and International 
Traffic in Arms Regulations (ITAR) 112 are admin- 
istered by the State Department and control export 
of items (including hardware, software, and tech- 



nical data) that are "inherently military in charac- 
ter" and, therefore, placed on the Munitions 
List. 113 Items on the Munitions List are controlled 
to all destinations, meaning that "validated" li- 
censes — requiring case-by-case review — are re- 
quired for any exports (except to Canada, in some 
cases). The Munitions List is established by the 
State Department, in concurrence with the Depart- 
ment of Defense; the State Department's Office of 
Defense Trade Controls administers the ITAR and 
issues licenses for approved exports. DOD pro- 
vides technical advice to the State Department 
when there are questions concerning license ap- 
plications or commodity jurisdiction (i.e., wheth- 
er State or Commerce regulations apply — see 
below). 

With certain exceptions, cryptography falls in 
"Category XIII — Auxiliary Military Equipment" 
of the Munitions List. Category XIII(b) covers 
"Information Security Systems and equipment, 
cryptographic devices, software and components 
specifically designed or modified therefore," gen- 
erally including: 

1. cryptographic and key-management systems 
and associated equipment, subcomponents, 
and software capable of maintaining informa- 
tion or information-system secrecy/confiden- 
tiality; 



110 Both the Export Administration Act (50 U.S.C. App. 2401-2420) and the Arms Export Control Act (22 U.S.C. 2751-2794) provide au- 
thority to control the dissemination to foreign nationals (export) of scientific and technical data related to items requiring export licenses under 
the regulations implementing these acts. "Scientific and technical data" can include the plans, design specifications, or other information that 
describes how to produce an item. 

For history and discussion of national-security controls on scientific and technical data, see H. Relyea, op. cit., footnote 64; and Kenneth 
Kalivoda, "The Export Administration Act's Technical Data Regulations: Do They Violate the First Amendment?" Georgia Journal of Interna- 
tional and Comparative Law, vol. 11, fall 1981, pp. 563-587. Other statutory authorities for national-security controls on scientific and technical 
data are found in the Restricted Data or "born classified" provisions of the Atomic Energy Act of 1946 (60 Stat. 755) and the Atomic Energy 
Act of 1954 (68 Stat. 919, 42 U.S.C. 2011-2296) and the Invention Secrecy Act of 1951 (35 U.S.C. 181-188), which allows for patent secrecy 
orders and withholding of patents on national-security grounds. NSA has obtained patent secrecy orders on patent applications for cryptograph- 
ic equipment and algorithms under authority of the Invention Secrecy Act. 

111 For a comparison of the two export-control regimes, see U.S. General Accounting Office, Export Controls: Issues in Removing Militarily 
Sensitive Items from the Munitions List, GAO/NSIAD-93-67 (Washington, DC: U.S. Government Printing Office, March 1993), especially pp. 
10-13. 

112 22 C.F.R. 120-130. 

113 See Supplement 2 to Part 770 of the Export Administration Regulations. The Munitions List has 21 categories of items and related 
technologies, such as artillery and projectiles (Category II) or toxicological and radiological agents and equipment (Category XIV). Category 
XIII(b) consists of "Information Security Systems and equipment, cryptographic devices, software, and components specifically modified 
therefore." 

2. cryptographic and key-management systems 
and associated equipment, subcomponents, 
and software capable of generating spreading 
or hopping codes for spread-spectrum systems 
or equipment; 

3. cryptanalytic systems and associated equip- 
ment, subcomponents, and software; 

4. systems, equipment, subcomponents and soft- 
ware capable of providing multilevel security 
that exceeds class B2 of the NSA's Trusted 
Computer System Evaluation Criteria, as well 
as software used for certification; 

5. ancillary equipment specifically designed or 
modified for these functions; and 

6. technical data and defense services related to 
the above. 114 

Several exceptions apply to the first item above. 
These include the following subcategories of 
cryptographic hardware and software: 

a. those used to decrypt copy-protected software, 
provided that the decryption functions are not 
user-accessible; 

b. those used only in banking or money transac- 
tions (e.g., in ATM machines and point-of-sale 
terminals, or for encrypting interbanking trans- 
actions); 

c. those that use analog (not digital) techniques 
for cryptographic processing in certain applica- 
tions, including facsimile equipment, re- 
stricted-audience broadcast equipment, and 
civil television equipment; 

d. those used in personalized smart cards when 
the cryptography is of a type restricted for use 
only in applications exempted from Munitions 
List controls (e.g., in banking applications); 

e. those limited to access-control functions (e.g., 
for ATM machines, point-of-sale terminals, 
etc.) in order to protect passwords, personal 
identification numbers, and the like provided 
that they do not provide for encryption of other 
files or text; 

f. those limited to data authentication (e.g., calcu- 
lating a message authentication code) but not 
allowing general file encryption; 

g. those limited to receiving radio broadcast, pay 
television, or other consumer-type restricted 
audience broadcasts, where digital decryption 
is limited to the video, audio, or management 
functions and there are no digital encryption ca- 
pabilities; and 

h. those for software designed or modified to pro- 
tect against malicious computer damage from 
viruses, and so forth. 115 

Cryptographic hardware and software in these 
subcategories are excluded from the ITAR regime 
and fall under Commerce's jurisdiction. Note, 
however, that these exclusions do not include 
hardware-based products for encrypting data or 
other files prior to transmission or storage, or user- 
accessible, digital encryption software for ensur- 
ing email confidentiality or read-protecting stored 
data or text files. These remain under State De- 
partment control. 



114 Ibid. See Category XIII(b)(1)-(5) and XIII(k). For a review of controversy during the 1970s and early 1980s concerning control of 
cryptographic publication, see F. Weingarten, "Controlling Cryptographic Publication," Computers & Security, vol. 2, 1983, pp. 41-48. 

115 Ibid. See XIII(b)(1)(i)-(ix). 
Commerce Department Export Controls 
on Cryptography 

The Export Administration Act (EAA) 116 and Ex- 
port Administration Regulations (EAR) 117 are ad- 
ministered by the Commerce Department and are 
designed to control exports of "sensitive" or dual- 
use items, also including software and scientific 
and technical data. The Bureau of Export Admin- 
istration administers controls on dual-use items; 
the Office of Export Licensing makes licensing 
determinations (coordinating with other agencies 
as necessary), and the Office of Technology and 
Policy Analysis develops licensing policies and 
provides technical support in maintaining the 
Commerce Control List (CCL). Some items on 
the CCL are controlled for national-security pur- 
poses, to prevent them from reaching "pro- 
scribed" countries (usually in the former Soviet 
bloc); others are controlled for various foreign 
policy objectives. 118 

Cryptography falls under Section II ("Informa- 
tion Security") of the CCL. 119 This category 
includes information-security "equipment, as- 
semblies and components" that: 

1. are designed or modified to use digital cryptog- 
raphy for information security; 

2. are designed or modified to use cryptanalytic 
functions; 

3. are designed or modified to use analog cryptog- 
raphy, except for some low-speed, fixed band 
scrambling or frequency inversion, or in fac- 
simile equipment, restricted audience broad- 



cast equipment or civil television equipment 
(see item c above); 

4. are designed to suppress compromising emana- 
tions of information-bearing signals, except for 
suppression of emanations for health or safety 
reasons; 

5. are designed or modified to use cryptography 
to generate the spreading code for spread-spec- 
trum systems or the hopping code for frequency 
agility systems; or 

6. are designed or modified to exceed class B2 of 
the Trusted Computer System Evaluation Cri- 
teria (see item 4 in the State Department list 
above); plus 

7. communications cable systems with intrusion- 
detection capabilities. 

Equipment for the test, inspection, and produc- 
tion (including evaluation and validation equip- 
ment) of equipment or functions in this category 
are included, as are related software and tech- 
nology. 

The "overlap" between the State Department 
and Commerce Department export-control re- 
gimes is particularly complex for cryptography 
(note the overlap between the Munitions List 
items and the CCL items, even with the excep- 
tions). Basically, the Commerce Department li- 
censes only those Section II items that are either 
excepted from State Department control, are not 
controlled, or are eligible for licensing under an 
advisory note, plus anti-virus software (see h 


116 In the 103d Congress, legislation intended to streamline controls and ease restrictions on mass-market computer software, hardware, 
and technology, including certain encryption software, was introduced. Provisions in H.R. 3627 and S. 1846 placed mass-market software with 
encryption under Commerce controls. At this writing, the 1994 omnibus export administration bills (H.R. 3937 and S. 1902) were awaiting 
congressional action. See U.S. Congress, House of Representatives, Omnibus Export Administration Act of 1994, H. Rept. 103-531, 103d 
Cong., 2d sess., Parts 1 (Committee on Foreign Affairs, May 25, 1994), 2 (Permanent Select Committee on Intelligence, June 16, 1994), 3 (Com- 
mittee on Ways and Means, June 7, 1994), and 4 (Committee on Armed Services, June 17, 1994) (Washington, DC: U.S. Government Printing 
Office, 1994); and H.R. 4663, "Omnibus Export Administration Act of 1994," June 28, 1994. 

117 22 U.S.C. 2751-2794. 

118 See GAO, op. cit., footnote 111, pp. 10-12. 

119 See Supplement 1 to Part 799.1 of the Export Administration Regulations, sections A (equipment, assemblies and components), B (test, 
inspection, and production equipment), D (software), and E (technology). 
above). 120 The cryptographic items excepted 
from control under advisory note 1 are: personal- 
ized smart cards as described in item d above; 
equipment for fixed data compression or coding 
techniques, or for use in applications described in 
item g above; portable, commercial civil cellular 
phones containing encryption, when accompany- 
ing their users; and software as described in item a 
above. 121 Other items, such as cellular phone sys- 
tems for which message traffic encryption is not 
possible, or items for civilian use in banking, ac- 
cess control, and authentication as described un- 
der items b, e, or f above, are covered by advisory 
notes 3 through 5. These advisory notes state that 
these items are likely to be licensed by Commerce, 
as administrative exceptions, for export to accept- 
able end users. 122 

At present, however, software and hardware 
for robust, user-controlled encryption remains on 
the Munitions List under State Department con- 
trol, unless State grants jurisdiction to Com- 
merce. 123 This has become increasingly 
controversial, especially for the information 
technology and software industries. According to 
GAO's 1993 report: 

NSA performs the technical review that de- 
termines, for national security reasons, (1) if a 
product with encryption capabilities is a muni- 
tions item or a Commerce List item and (2) 
which munitions items with encryption capabil- 
ities may be exported. The Department of State 
examines the NSA determination for consisten- 
cy with prior NSA determinations and may add 
export restrictions for foreign policy reasons— 
e.g., all exports to certain countries may be 
banned for a time period. 



. . . [T]he detailed criteria for these decisions are 
generally classified. However, vendors export- 
ing these items can learn some of the general cri- 
teria through prior export approvals or denials 
they have received. NSA representatives also 
advise companies regarding whether products 
they are planning would likely be munitions 
items and whether they would be exportable, ac- 
cording to State Department representatives. 124 

Export Controls and Market 
Competitiveness 

The United States was a member of the Coordinat- 
ing Committee for Multilateral Export Controls 
(COCOM), which was dissolved on March 31, 
1994. The COCOM regime had an "East-West" 
focus on controlling exports to communist coun- 
tries. Within COCOM, member nations agreed on 
controls for munitions, nuclear, and dual-use 
items. However, when U.S. export controls were 
more stringent than COCOM controls, U.S. firms 
were at a disadvantage in competing for markets 
abroad, relative to competitors in other COCOM 
countries. 

After COCOM ended, the United States and its 
former partners set about establishing a new, mul- 
tilateral regime designed to address new security 
threats in the post-Cold War world. 125 Major 
goals for the new regime will be to deny trade in 
dangerous arms and sensitive technologies to par- 
ticular regions of the world and to "rogue coun- 
tries" such as Iran, Libya, Iraq, and North 
Korea. 126 The target goal for the establishment of 
the new multilateral regime is October 1994. Until 
the new regime is established, the United States 



120 Ibid., p. CCL123 (notes). The advisory notes specify items that can be licensed by Commerce under one or more administrative excep- 
tions. 

121 Ibid., pp. CCL123-126. Software required for or providing these functions is also excepted. 

122 Ibid., Advisory Notes 1-5. 

123 GAO, op. cit., footnote 48, pp. 24-28. 

124 Ibid., p. 25. 

125 Lynn Davis, Undersecretary for International Security Affairs, U.S. Department of State, press briefing, Apr. 7, 1994. (As this report 
went to press, this was the most current public information available to the OTA project staff regarding post-COCOM export regimes.) 

126 Ibid. 
and other partners in the discussions have agreed 
to continue "controls or licensing on the most sen- 
sitive items in arms" but on a global basis, rather 
than in an East-West context. 127 These continued 
controls are being implemented on a "national 
discretion" basis, where each nation retains the 
right to do as it wishes. This contrasts with the 
"consensus" rule under which COCOM had oper- 
ated, where any state (e.g., the United States) 
could unilaterally block exports proposed by any 
other state. 128 

At the end of COCOM, the Clinton Adminis- 
tration liberalized the policy for some exports of 
computer and telecommunications products to 
Russia, Eastern Europe, and China. However, 
controls were maintained on cryptography be- 
cause: 

The President has determined that vital U.S. 
national security and law enforcement interests 
compel maintaining appropriate control of en- 
cryption. 129 

The end of the Cold War and opening up of the 
former Soviet bloc have led to new market oppor- 
tunities for U.S. firms and their competitors. 
Many countries — including former COCOM 
countries like Japan and members of the European 
Community, as well as others — have less restric- 
tive export controls on encryption technology 



than the United States. 130 (However, some of 
these have import controls on encryption, which 
the United States does not. 131 ) As a result, U.S. 
firms (including software companies) are pressing 
for a fundamental rethinking of the system of ex- 
port controls. Some progress was previously 
made in this area, including transfer of some dual- 
use items formerly on the Munitions List to Com- 
merce Department control. This "rationalization" 
was accomplished through a 1991-92 interagency 
review of items on the U.S. Munitions List to de- 
termine which of those also on COCOM's Indus- 
trial List (IL) of dual-use technologies could be 
removed from the ITAR regime without jeopar- 
dizing significant national-security interests. 132 

The rationalization process led to removal of 
over two dozen items, ranging from armored 
coaxial cable to several types of explosives, from 
the Munitions List. Some other items, however, 
were "contentious." These contentious items, 
which State and Defense identified for retention 
on the Munitions List, included some commercial 
software with encryption capability. According to 
GAO: 

State and Defense wanted to retain software 
with encryption capability on the USML [Muni- 
tions List] so the National Security Agency 
(NSA) can continue its current arrangement 



127 Ibid. "We've also agreed to exercise extreme vigilance on a global basis for all trade in the most sensitive of these items, so that we will 
be continuing to control these most sensitive items not only to the formerly proscribed countries of Russia and China but also now around the 
world to include countries such as Iran." (Undersecretary Davis, ibid.) 

128 See U.S. Congress, Office of Technology Assessment, Export Controls and Nonproliferation Policy, OTA-ISS-596 (Washington, DC: 
U.S. Government Printing Office, May 1994), especially table 5-2, p. 44. 

129 Martha Harris, Deputy Assistant Secretary for Political-Military Affairs, U.S. Department of State, "Encryption—Export Control Re- 
form," statement, Feb. 4, 1994. 

130 See James P. Chandler et al. (National Intellectual Property Law Institute, The George Washington University), "Identification and Anal- 
ysis of Foreign Laws and Regulations Pertaining to the Use of Commercial Encryption Products for Voice and Data Communications," contrac- 
tor report to the U.S. Department of Energy under Contract No. DE-AC05-84OR21400, January 1994. 

131 France, for example, requires a license for the import of encryption, and DES-based manufacturers and users must deposit a key with 
the French government. China restricts both the importation and exportation of voice-encoding devices (ibid.). 

132 GAO, op. cit., footnote 48, pp. 9-10 and 13-15. According to the U.S. General Accounting Office, some items on the IL appeared on 
both the CCL and the Munitions List, when the State Department and DOD wanted to keep an item on the Munitions List after COCOM moved 
it to the IL. This would occur when State and DOD wanted to maintain the more restrictive International Traffic in Arms Regulations controls 
on militarily sensitive items for which the United States has a technological lead. Generally, though, when items were added to the IL, they were 
added to the CCL (ibid., p. 11). 
with industry to review all new software with 
encryption capability coming to market to deter- 
mine if the new product should be controlled on 
the USML or the CCL. One reason for maintain- 
ing this item on the munitions list is concern 
over future encryption development by software 
firms being placed on commercial software pro- 
grams. Additional reasons are classified. The 
software industry is concerned that it is losing its 
competitive advantage because software with 
encryption capability is controlled under the 
USML. 133 

Some other contentious items, namely nonmilitary image intensifiers and technical data associated with inertial navigation systems, were eventually transferred to the Commerce Control List by interagency agreements, with Commerce agreeing to impose additional foreign-policy controls to alleviate DOD's concerns. However, GAO found that:

State later proposed to transfer mass-market software, including software with encryption capabilities, to Commerce's jurisdiction because it believed that it would be impossible to control such software. Defense, led by the National Security Agency, refused to include this item in any compromise with Commerce, citing the inadequacy of Commerce's control system even with added foreign policy controls. The National Security Agency was also concerned that foreign policy controls may lead to decontrol. Further, Defense cited administration opposition to a provision in a bill to reauthorize and amend the Export Administration Act as another reason that jurisdiction over software should not be transferred. The provision, if passed, would have moved all mass-market software from the USML to the CCL, including software with encryption capability. On February 3, 1992, the Acting Secretary of Commerce notified the Congress that including this provision would lead senior advisors to recommend that the President [Bush] veto the bill. Defense's argument prevailed, and the item was retained on the USML. 134

Thus, as this report went to press, U.S. software producers still faced the ITAR restrictions for exports of software with strong encryption. 135 Software (or hardware) products using the DES for message encryption (as opposed to message authentication) are on the Munitions List and are generally nonexportable to foreign commercial users, except foreign subsidiaries of U.S. firms and some financial institutions (for use in electronic funds transfers). This means that individual, validated licenses — requiring a case-by-case review of the transaction — must be obtained for products and programs that have strong data, text, or file encryption capabilities. 136 Products that use the DES and other algorithms for purposes other than message encryption (e.g., for authentication) are exported on the Commerce Control List, however. 137

In 1992, there had been limited relaxation of export controls for mass-marketed software with encryption capabilities. NSA and the State Department relaxed and streamlined export controls for mass-market software with moderate encryption capabilities, but not including software implementing the DES or computer hardware containing encryption algorithms. 138 Also, since July 1992, there has been expedited review of software using one of two algorithms developed by RSA Data Security, Inc. These algorithms, called RC2 and RC4, are said to be significantly stronger than those previously allowed for export, but are limited to a 40-bit key length and are said to be weaker 139 than the "DES-strength" programs that can be marketed in the United States and that are available overseas. 140

133 Ibid., p. 21. GAO examined DOD's classified national-security justifications for retaining several other items (e.g., technical data for nonmilitary inertial navigation systems) and found them to be "sound." However, due to the level of classification involved, GAO did not examine the justification for retaining cryptographic software on the Munitions List (ibid., p. 19).

134 Ibid., pp. 21-22.

135 "Strong" encryption in this context refers to systems on a par with the DES or with the RSA system with a 1,024-bit modulus. In 1992, some mass-market software with encryption (but not the DES) was moved to Commerce control, given an expedited NSA review. According to NSA, requests to move mass-market software products to Commerce have usually been granted, except for those that include the DES for data encryption. (Roger Callahan, NSA, personal communication, June 8, 1994, point 7.)

136 Under these rules, the exporting firm has to apply for a separate license for each customer (e.g., overseas subsidiary, independent software distributor, foreign computer manufacturer); a license is valid for one product. The exporter must file annual reports listing the number of copies sold to the customer, to whom they were sold, and the sale price. (Business Software Alliance, "Unrealistic U.S. Government Export Controls Limit the Ability of American Companies To Meet the Demand for Encryption," 1994.)

137 GAO, op. cit., footnote 48, p. 26.

As a result of U.S. export controls, some firms have produced "U.S.-only" and "export" versions of their products; others report that overseas markets have been foreclosed to them, even as worldwide demand for data encryption is dramatically increasing. 141 Companies with offices in the United States and overseas have faced operational complications from export requirements, including a lack of integrated (as opposed to add-on) encryption products. 142 Business travelers also potentially violated ITAR by traveling abroad without licenses for mass-market software containing encryption algorithms loaded in their laptop or notebook computers. (At this writing, provisions were being put in place to allow business travelers to carry domestic encryption products overseas for personal use — see discussion of licensing reforms below.) Companies that employ foreign nationals face additional complications in licensing and end-use regulations. 143

According to the Business Software Alliance (BSA), the net result is a "virtual embargo" to foreign commercial users of U.S. products with strong encryption (e.g., the DES). 144 Under current rules, obtaining a license to export encryption products to financial institutions can take several weeks; qualifying subsidiaries must have at least 50 percent U.S. ownership. 145 One way through these strict controls is to disable any file- or text-encryption capabilities in the "export" version.

At a May 1994 hearing before the Senate Subcommittee on Technology and the Law, Stephen Walker (Trusted Information Systems, Inc.) presented the results of SPA's study of the foreign availability of encryption products. As of April 1994, SPA reported having identified 423 U.S.-origin products containing encryption implemented in hardware, software, and hardware/software combinations. According to SPA, 245 of these products use the DES and, therefore, are subject to ITAR controls and cannot be exported except in very limited circumstances. 146 In total, SPA identified 763 cryptographic products, developed or distributed by a total of 366 companies (211 foreign, 155 domestic) in at least 33 countries. 147 In addition, software implementations of the DES and other encryption algorithms are routinely available on Internet sites worldwide. 148

138 Ibid.

139 See Walker testimony, op. cit., footnote 37, p. 9.

140 Software Publishers Association, "SPA News," March 1994, p. 94. See also Walker testimony, op. cit., footnote 37, p. 28. According to a 1992 presentation by Jim Bidzos (President, RSA Data Security, Inc.) to the Computer System Security and Privacy Advisory Board (CSSPAB), RC2 and RC4 were developed by RSA Data Security, Inc. in the mid-1980s and are not public-key based. They have been incorporated into Lotus Notes. (Minutes of the September 15-17, 1992 meeting of the CSSPAB, obtained from NIST.)

141 See Business Software Alliance (BSA), op. cit., footnote 136. According to BSA, its member companies account for 71 percent of prepackaged PC software sales by U.S. companies. See also software-producer testimonies before the Subcommittee on Economic Policy, Trade and Environment, House Committee on Foreign Affairs, Oct. 12, 1993 and GAO, op. cit., footnote 48, pp. 26-28.

142 See Priscilla A. Walter and Louis K. Ebling, "Taming the Jungle of Export Regulations," The International Computer Lawyer, vol. 1, No. 11, October 1993, pp. 14-16.

143 Ibid., p. 16. However, according to NSA, it is not difficult to obtain licensing for an employed foreign national. (Roger Callahan, NSA, personal communication, June 8, 1994, point 12.)

144 BSA, op. cit., footnote 136, pp. 1-2, citing statement by Bob Rarog, Digital Equipment Corp., before the CSSPAB, June 3, 1993.

145 Ellen Messmer, "Encryption Restriction Policy Hurts Users, Vendors," Network World, Aug. 23, 1993, pp. 34, 43. Semaphore Corp., a U.S. manufacturer of encryption products, estimated that U.S. vendors are not eligible to ship encryption products to 403 of the so-called Global 1000 multinational corporations named by Fortune magazine. Because many foreign-based procurements include security in the specification for the total procurement, U.S. firms often lose out to foreign firms (e.g., in the United Kingdom or Switzerland) that do not face the same restrictions (ibid.).

At the hearing, Walker showed examples of DES-based products that SPA had taken delivery on from vendors in Denmark, the United Kingdom, Germany, and Russia. Walker also demonstrated how laptop computers (with internal speakers and microphones) could be transformed into encrypting telephones, using a DES-based software program purchased in the United States to encrypt/decrypt digital speech. 149

Based on experiences like this, many in industry consider that the foreign-dissemination control objectives of the current export regime serve mainly to hinder domestic firms that either seek to sell or use cryptography:

Foreign customers who need data security now turn to foreign rather than U.S. sources to fulfill that need. As a result, the U.S. government is succeeding only in crippling a vital American industry's exporting ability. 150

The impact of export controls on the overall cost and availability of safeguards is especially troublesome to business and industry at a time when U.S. high-technology firms find themselves as targets for sophisticated foreign-intelligence attacks 151 and thus have urgent need for sophisticated safeguards that can be used in operations worldwide. 152 Moreover, software producers assert that several other countries do have more relaxed export controls on cryptography:

Our experience . . . has demonstrated conclusively that U.S. business is at a severe disadvantage in attempting to sell products to the world market. If our competitors overseas can routinely ship to most places in the world within days and we must go through time-consuming and onerous procedures with the most likely outcome being denial of the export request, we might as well not even try. And that is exactly what many U.S. companies have decided.

And please be certain to understand that we are not talking about a few isolated products involving encryption. More and more we are talking about major information processing applications like word processors, databases, electronic mail packages, and integrated software systems that must use cryptography to provide even the most basic level of security being demanded by multinational companies. 153

146 Walker testimony, op. cit., footnote 37, p. 15.

147 Ibid.

148 Software Publishers Association, "SPA Study of Foreign Availability of Cryptographic Products," updated Jan. 1, 1994, and Walker testimony, op. cit., footnote 37. In one case, the author of PGP (Pretty Good Privacy), a public-key encryption software package for email protection, was investigated by the U.S. Customs Service. In April 1994, a federal grand jury was examining whether the author broke laws against exporting encryption software. PGP was published in the United States as "freeware" in June 1991 and has since spread throughout the world via networks. RSA Data Security, Inc. says that the PGP versions available via the Internet violate the RSA patent in the United States. (See William M. Bulkeley, "Popularity Overseas of Encryption Code Has the U.S. Worried," The Wall Street Journal, Apr. 28, 1994, pp. 1, A8; and John Markoff, "Federal Inquiry on Software Examines Privacy Programs," The New York Times, Sept. 21, 1993, pp. D1, D7.)

149 Walker testimony, op. cit., footnote 37, pp. 14-20 and attachment. According to Walker, SPA had also received encryption products from Australia, Finland, and Israel.

150 Walker testimony, op. cit., footnote 37, pp. 15-26 (quote at 15). See also SPA and BSA, op. cit., footnotes 148 and 136.

151 The Threat of Foreign Economic Espionage to U.S. Corporations, hearings, op. cit., footnote 2.

152 See GAO, op. cit., footnote 48, p. 4 (citing the Director, Central Intelligence Agency); and U.S. General Accounting Office, Economic Espionage: The Threat to U.S. Industry, GAO/OSI-92-6 (Washington, DC: U.S. Government Printing Office, 1992). (Statement of Milton J. Socolar, testimony before the Subcommittee on Economic and Commercial Law, Committee on the Judiciary, U.S. House of Representatives, Apr. 29, 1992.)

On the other hand, U.S. export controls may have substantially slowed the proliferation of cryptography to foreign adversaries over the years. Unfortunately, there is little explanation (at least at the unclassified level) regarding the degree of success of these export controls and the necessity for maintaining strict controls on strong cryptography in the face of foreign supply and networks like the Internet that seamlessly cross national boundaries. (For a general discussion of the costs and benefits of export controls on dual-use goods see OTA's recent report Export Controls and Nonproliferation Policy, OTA-ISS-596, May 1994.)

Some of the most recent public justifications for continued strict controls were made in May 1994 testimonies by Vice Admiral J.M. McConnell (NSA Director) and Clinton Brooks (Special Assistant to the Director, NSA):

Clearly, the success of NSA's intelligence mission depends on our continued ability to collect and understand foreign communications . . . Controls on encryption exports are important to maintaining our capabilities.

. . . At the direction of the President in April, 1993, the Administration spent ten months carefully reviewing its encryption policies, with particular attention to those issues related to export controls on encryption products. The Administration consulted with many industry and private sector representatives and sought their opinions and suggestions on the entire encryption export control policy and process. As a result of this review, the Administration concluded that the current encryption export controls are in the best interest of the nation and must be maintained, but that some changes should be made to the export licensing process in order to maximize the exportability of encryption products and to reduce the regulatory burden on exporters. These changes will greatly ease the licensing process and allow exporters to more rapidly and easily export their products.

In addition, the Administration agreed at the urging of industry that key escrow encryption products would be exportable. Our announcement regarding the exportability of key escrow encryption products has caused some to assert that the Administration is permitting the export of key escrow products while controlling competing products in order to force manufacturers to adopt key escrow technology. These arguments are without foundation . . . we are not using or intending to use export controls to force vendors to adopt key escrow technology. 154

Clinton Brooks also noted that:

The U.S., with its key escrow concept, is presently the only country proposing a technique that provides its citizens very good privacy protection while maintaining the current ability of law enforcement agencies to conduct lawful electronic surveillance. Other countries are using government licensing or other means to restrict the use of encryption. 155

In February 1994, the Clinton Administration announced its intention to reform the export control procedures that apply to products incorporating encryption technology:

These reforms are part of the Administration's effort to eliminate unnecessary controls and ensure efficient implementation. The reforms will simplify encryption product export licensing and speed the review of encryption product exports, thus helping U.S. manufacturers to compete more effectively in the global market. While there will be no changes in the types of equipment controlled by the Munitions List, we are announcing measures to expedite licensing. 156

153 Walker testimony, op. cit., footnote 37, p. 18.

154 McConnell testimony, op. cit., footnote 8, p. 6, and Clinton C. Brooks, Special Assistant to the Director, NSA, testimony before the Subcommittee on Technology, Environment and Aviation, Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 1994, pp. 5-6. (Identical passage in both.)

155 Clinton Brooks testimony, ibid., p. 4. (Similar statement in McConnell, ibid., pp. 3-4.)

The new licensing procedures were expected to appear in the Federal Register in June 1994. 157 According to the State Department, the reforms "should have the effect of minimizing the impact of export controls on U.S. industry." 158 These were expected to include:

■ license reform measures that will enable manufacturers to ship their products directly to customers within approved regions, without obtaining individual licenses for each end user;

■ rapid review of export license applications (a "significant" number of applications will have a turnaround goal of 10 working days);

■ personal use exemptions for U.S. citizens temporarily taking encryption products abroad for their own use (previously, an export license was required); and

■ allowing exports of key-escrow encryption products to most end users (key-escrow products will qualify for special licensing arrangements). 159

The Secretary of State has asked encryption product manufacturers to evaluate the impact of these reforms over the next year and provide feedback on how well they have worked, as well as recommendations for additional procedural reforms. 160



In the 103d Congress, legislation intended to streamline export controls and ease restrictions on mass-market computer software, hardware, and technology, including certain encryption software, was introduced by Representative Maria Cantwell (H.R. 3627) and Senator Patty Murray (S. 1846). In considering the Omnibus Export Administration Act (H.R. 3937), the Committee on Foreign Affairs reported a version of the bill in which most computer software, including software with encryption capabilities, was under Commerce Department controls and in which export restrictions for mass-market software with encryption were eased. 161 The Report of the Permanent Select Committee on Intelligence struck out this portion of the bill and replaced it with a new section calling for the President to report to Congress within 150 days of enactment, regarding the current and future international market for software with encryption and the economic impact of U.S. export controls on the U.S. computer software industry. 162

At this writing, the omnibus export administration legislation was still pending. Both the House and Senate bills contained language calling for the Administration to conduct comprehensive studies on the international market and availability of encryption technologies and the economic effects of U.S. export controls.

SAFEGUARDS, STANDARDS, AND THE ROLES OF NIST AND NSA

This section summarizes current NIST and NSA activities related to safeguards for unclassified information, as well as joint activities by the two agencies. It also discusses the current, controversial interagency agreement describing the agencies' implementation of the Computer Security Act.

156 Martha Harris, op. cit., footnote 129.

157 Rose Biancaniello, Office of Defense Trade Controls, Bureau of Political-Military Affairs, U.S. Department of State, personal communication, May 24, 1994.

158 Martha Harris, op. cit., footnote 129.

159 Ibid.

160 Ibid.

161 See Omnibus Export Administration Act of 1994, op. cit., footnote 116, Part 1, pp. 57-58 (H.R. 3937, sec. 117(c)(1)-(4)).

162 Omnibus Export Administration Act of 1994, op. cit., footnote 116, Part 2, pp. 1-5 (H.R. 3937, sec. 117(c)(1)-(3)).

NIST Activities in Support of Information Security and Privacy

Ongoing NIST activities in support of information security and privacy in the High Performance Computing and Communications/National Information Infrastructure (HPCC/NII) Programs are conducted by NIST's Computer Systems Laboratory. 163 The overall objectives of the HPCC/NII Programs are to accelerate the development and deployment of high-performance computing and networking technologies required for the NII; to apply and test these technologies in a manufacturing environment; and to serve as coordinating agency for the manufacturing component of the federal HPCC Program. NIST contributes to the following components of the federal HPCC Program:

■ high performance computing systems,

■ advanced software technology and algorithms,

■ a National Research and Education Network, and

■ information infrastructure technology and applications. 164

According to NIST's interpretation of policy guidance received from OMB, no agency has the lead with respect to security and privacy in support of the NII; accordingly, NIST and other agencies support OMB initiatives. 165 NIST's summary of NII-related security projects is reproduced in box 4-7.

NIST has also announced two opportunities to join cooperative research consortia in support of key-escrow encryption. In August 1993, NIST announced an "Opportunity to Join a Cooperative Research and Development Consortium to Develop Software Encryption with Integrated Cryptographic Key Escrowing Techniques." According to the announcement, this research would be done in furtherance of the key-escrowing initiative announced by President Clinton on April 16, 1993. 166 A February 1994 NIST press release 167 announced partnership opportunities in research directed at developing computer hardware with integrated cryptographic key-escrowing techniques. 168 The cooperative research involves technical assistance from NSA. As of June 1994, NIST reported that several individuals and organizations were participating in a Key Escrow Encryption Working Group seeking to "specify requirements and acceptability criteria for key-escrow encryption systems and then design and/or evaluate candidate systems." 169

163 As this report was written, NIST was in the process of reorganizing to create a new Information Technology Laboratory; the CSL activities are expected to be included in the functions of the Information Technology Laboratory. See also Dennis M. Gilbert, A Study of Federal Agency Needs for Information Technology Security, NISTIR-5424 (Gaithersburg, MD: NIST, May 1994) for the results of a NIST study to be used for planning future NIST information technology security standards, guidance, and related activities.

164 "Proposed HPCC/NII Program at NIST," May 1993. Included in attachment 2 of a letter from F. Lynn McNulty, Associate Director for Computer Security, NIST, to Joan D. Winston, OTA, Apr. 13, 1994. OTA had requested information about current NIST activities in support of the information infrastructure and about security/privacy related information in letters to NIST dated Feb. 28, 1994 and Mar. 11, 1994.

165 F.L. McNulty, ibid. See also Gilbert, op. cit., footnote 163.

The Office of Technology Assessment asked the National Institute of Standards and Technology for a summary of activities related to computer and information security. The information provided by NIST in April 1994 is reproduced below:

Issue Area: Information Security
Objective Areas: All

Information security is an important issue in all the objective areas. In addition, information security is a cross-cutting issue for three other areas: privacy, protecting intellectual property, and controlling access to information, since the ability to ensure privacy, protection of intellectual property, and controlled access to information will require that information security controls are in place and operating correctly.

Project: Digital Signature Standard and Supporting Infrastructure

This project provides the technology to electronically sign multi-media information, to ensure non-repudiation of the originator and receiver of the information, and to detect modifications to the information. It also focuses on establishing the supporting infrastructure needed to distribute certificates to users in government and commercial interactions. Certificates are necessary since they contain unforgeable information about the identity of the individual presenting the certificate and contain other components required for the digital signature function.

Project: Cryptographic Standards

This project area includes basic cryptographic-based standards that are needed throughout the [National Information Infrastructure] NII "electronic highway" and within applications in most, if not all objective areas. In addition, it includes a standard (metric) for the level of security of cryptographic mechanisms used throughout the NII.

Project: Advanced Authentication Technology

The vast majority of current [information technology] IT systems continue to rely on passwords as the primary means of authenticating legitimate users of such systems. Unfortunately, vulnerabilities associated with the use of passwords have resulted in numerous intrusions, disruptions, and other unauthorized activity to both government and commercial IT systems. NIST activities in this area have focused on moving federal agencies away from reliance on passwords to the use of token based and other technologies for authenticating users. Specifically, the [Computer Security Division] CSD has been working directly with federal agencies to incorporate advanced authentication technology (as well as other security technologies) into their applications to provide better cost effective security. Such applications are/will be included as components of the NII (e.g., IRS tax filing applications).

Project: Security Criteria and Evaluation

The goal of this project area is to develop an internationally accepted security [criteria] which can be used to specify the security functionality and assurance requirements of IT systems and products and to establish a U.S. government capability to verify that the developer of the product/system has met both sets of requirements. The long term goal of this project is a plentiful supply of secure commercial off-the-shelf products that will be used in NII applications and other parts of the NII.

Project: Secure the Internet and Network Connectivity

This project focuses on providing near term assistance and solutions for organizations that must connect to the Internet and other networks.

Project: Open Systems Security

This project area focuses on longer term activities that will result in enhanced security for government applications on the NII. These include the extension of security labels to other IT areas and extensions of the DOD Goal Security Architecture to other government systems. Security labels are necessary for specifying the type and sensitivity of information stored in a host system or being communicated from one party to another.

Project: Computer Security Management

The best technical solutions will not be effective unless there is a managed combination of technology, policies, procedures and people. All applications within the NII will require security management if they are to provide cost effective security to users of the NII. This project focuses on management activities such as training/education, risk management, and accepted security practices that ensure use of security technology.

SOURCE: National Institute of Standards and Technology, April 1994.

In early 1994, OTA asked the National Institute of Standards and Technology for more information on the resources that would be required — staff, funds, equipment, and facilities — to set up NIST as a key-escrow agent. NIST had originally estimated that startup costs for both escrowing facilities would be about $14 million, with total annual operating costs of about $16 million. 170 In April 1994, NIST told OTA that the Clinton Administration was still working on cost estimates for the escrow system and was not able to release additional cost information. 171 By June 1994, 17,000 Clipper chip keys had been escrowed at NIST. 172 OTA has not received any additional information regarding costs, staffing, and other resource requirements for the escrow system.

Funding for NIST's computer-security activities is shown in table 4-1. According to the figures in table 4-1, appropriated funds for computer security show an almost fourfold increase from levels prior to the Computer Security Act of 1987. This does not represent steady growth, however; there was a large increase from $1.0 million in FY 1988 to $2.7 million in FY 1989 and FY 1990, and slower growth thereafter. Staffing levels also rose, from 17 full-time equivalents (FTEs) in FY 1988 to an average of 36 or 37 FTEs thereafter. Since 1990, "reimbursable" funds received from other agencies (mainly DOD) have been substantial compared with appropriated funds for security-related activities, representing some 30 to 40 percent of the total funding for computer-security activities and staff at CSL. This is a large fraction of what has been a relatively small budget, given NIST's responsibilities under the Computer Security Act.

166 Federal Register, Aug. 24, 1993, pp. 44662-63. (This announcement was written before the EES was finalized.)

167 "NIST Calls for Partners in Developing Key Escrowing Hardware," Feb. 4, 1994. (The EES was finalized.)

168 This material was attachment 1 of McNulty, Apr. 13, 1994, op. cit., footnote 164.

169 Miles Smid, NIST, "The U.S. Government Key Escrow System," presentation at NIST Key Escrow Encryption Workshop, June 10, 1993. These activities support the Administration's exploration of alternative key-escrow encryption techniques, as announced in a July 20, 1994, letter from Vice President Al Gore to Representative Maria Cantwell.

170 Federal Register, Feb. 9, 1994, p. 6000.

171 F. Lynn McNulty, NIST Associate Director for Computer Security, letter to Joan Dopico Winston, OTA, Apr. 13, 1994.

172 Miles Smid, Manager, Security Technology Group, NIST, personal communication, May 25, 1994.

164 | Information Security and Privacy in Network Environments

■ TABLE 4-1: Computer Security ($ millions) 1

                    Obligations
Fiscal    Appropriation                  Full-time
year      funds           Reimbursable   equivalents
1985      1.2             0.5            16
1986      1.1             0.4            16
1987      1.1             0.4            16
1988      1.0             0.7            17
1989      2.7             0.8            33
1990      2.7             0.8            33
1991      3.3             1.6            37
1992      3.4             2.3            35
1993      3.9             2.1            35
1994      4.4             2.0            38 est.
1995      4.5             2.0            38 est.

1 "The enactment of the Computer Security Act in 1988 imposed new responsibilities on the National Institute of Standards and Technology to improve the security and privacy of sensitive information in computer systems of all federal agencies. In addition to responsibilities for developing standards and guidelines and for carrying out research in computer security, NIST was assigned the responsibility for reviewing agency computer security plans, assisting in the development of training programs for agencies, and establishing and operating a Computer System Security and Privacy Advisory Board. NIST used appropriated funds to hire a core staff to carry out the general tasks assigned by the law. Reimbursable funds were used for tasks that were specific to the other agencies. Additional reimbursable tasks have been accepted to respond to increased demands for help as agency awareness of their computer security responsibilities has increased. These reimbursable tasks have been accepted only when they support the goals of NIST's Computer Security Program."

SOURCE: National Institute of Standards and Technology, April 1994.

■ Joint NIST/NSA Activities 

In January 1994, OTA asked NSA for a summary 
of the activities NSA reported that it conducted 
jointly with NIST under the Computer Security 
Act of 1987. According to NSA, these include the 
National Computer Security Conference, devel- 
opment of common criteria for computer security 
(see chapter 2), product evaluations, standards de- 
velopment, and research and development. OTA 
received this information in April 1994; it is re- 
produced in box 4-8. 

■ NIST/NSA Implementation of the 
Computer Security Act of 1987 

A 1989 Memorandum of Understanding between 
the NIST Director and the NSA Director estab- 
lished the mechanisms of the working relation- 
ship between NIST and NSA in implementing the 
Computer Security Act of 1987. 173 The MOU has 
been controversial. Observers — including OTA 
— consider that the MOU appears to cede to NSA 
much more authority than the act itself had 
granted or envisioned, particularly through the 
joint NIST/NSA Technical Working Group estab- 
lished by the MOU. 174 In May 1989, Milton J. So- 
colar, Special Assistant to the Comptroller 
General, noted: 

... as one reviews the [MOU] itself against the 
background of the [Computer Security A]ct, one 
cannot help but be struck by the extent of influ- 
ence NSA appears to retain over the processes 



173 Memorandum of Understanding Between the Director of the National Institute of Standards and Technology and the Director of the 
National Security Agency Concerning the Implementation of Public Law 100-235, Mar. 23, 1989. (See appendix B.) 

174 The Technical Working Group may identify issues for discussion, or these may be referred to it by the NSA Deputy Director for Informa- 
tion Security or the NIST Deputy Director (ibid., sec. III(5)). 
■ BOX 4-8: Overview of Joint NIST/NSA Activities 



The Office of Technology Assessment asked NSA for a summary of joint NIST-NSA activities. The 
material provided by NSA in April 1994 is reproduced below: 

NSA provides technical advice and assistance to NIST in accordance with Public Law 100-235. An 
overview of NIST-NSA activities follows. 

National Conference. NIST and NSA jointly sponsor, organize, and chair the prestigious National 
Computer Security Conference, held yearly for the past 16 years. The conference is attended by over 
2,000 people from government and private industry. 

Common Criteria. NSA is providing technical assistance to NIST for the development of computer 
security criteria that would be used by both the civilian and defense sides of the government. Repre- 
sentatives from Canada and Europe are joining the United States in the criteria's development. 

Product Evaluations. NIST and NSA are working together to perform evaluations of computer secu- 
rity products. In the Trusted Technology Assessment Program, evaluations of some computer security 
products will be performed by NIST and their labs, while others will be performed by NSA. NIST and 
NSA engineers routinely exchange information and experiences to ensure uniformity of evaluations. 

Standards Development. NSA supports NIST in the development of standards that promote inter- 
operability among security products. Sample standards include security protocol standards, digital sig- 
nature standards, key management standards, and encryption algorithm standards (e.g., the DES, 
SKIPJACK). 

Research and Development. Under the Joint R&D Technology Exchange Program, NIST and NSA 
hold periodic technical exchanges to share information on new and ongoing programs. Research and 
development is performed in areas such as security architectures, labeling standards, privilege man- 
agement, and identification and authentication. Test-bed activities are conducted in areas related to 
electronic mail, certificate exchange/management, protocol conformity, and encryption technologies. 



SOURCE: National Security Agency, April 1994. 



involved in certain areas — an influence the act 
was designed to diminish. 175 

In response to concerns and questions raised in 
the May 1989 hearings, NIST and NSA prepared a 
letter of clarification for the House Committee on 
Government Operations. This December 22, 
1989, letter was intended to assuage concerns. 176 
However, concerns that neither the MOU nor the 
letter of clarification accurately reflected the in- 
tent of the Computer Security Act continued. 177 A 
February 1990 letter to the committee from the 
Secretary of Commerce and subsequent staff dis- 



175 Milton J. Socolar, Special Assistant to the Comptroller General, "National Institute of Standards and Technology and the National Secu- 
rity Agency's Memorandum of Understanding on Implementing the Computer Security Act of 1987," in Hearing on Military and Civilian Con- 
trol of Computer Security Issues, May 4, 1989, op. cit., footnote 99, pp. 39-47, quote at p. 47. Socolar also noted other concerns, such as the 
MOU appeal process in sec. III(7), the NSA evaluation of security programs, NSA research and development activities, NIST recognition of 
NSA-certified ratings of trusted systems, and other matters. 

176 Letter to Rep. John Conyers, Jr., and Rep. Frank Horton from Raymond Kammer (NIST) and W. O. Studeman (NSA), Dec. 22, 1989. 
(See appendix B.) 

177 See Richard A. Danca and Robert Smith midford, "NSA, NIST Caught in Security Policy Debate," Federal Computer Week, Feb. 12, 
1990, p. 1. 






cussions continued to explore these concerns. 178 
(See appendix B of this report for the MOU, the 
December 1989 NIST/NSA letter of clarification, 
and the February 1990 letter from the Secretary of 
Commerce.) 

Implementation of the Computer Security Act 
remains controversial; the MOU has not — to the 
best of OTA's knowledge — been modified. A re- 
cent GAO study found that: 

The Computer Security Act of 1987 reaf- 
firmed NIST as the responsible federal agency 
for developing federal cryptographic informa- 
tion-processing standards for the security of sen- 
sitive, unclassified information. However, NIST 
has followed NSA's lead when developing cer- 
tain cryptographic standards for communica- 
tions privacy. 179 

The MOU authorizes NIST and NSA to estab- 
lish a Technical Working Group (TWG) to "re- 
view and analyze issues of mutual interest 
pertinent to protection of systems that process 
sensitive or other unclassified information." The 
TWG has six members; these are federal em- 
ployees, with three selected by NIST and three se- 
lected by NSA. The working group membership 
may be augmented as necessary by representa- 
tives of other federal agencies. 

Where the act had envisioned NIST calling on 
NSA's expertise at its discretion, the MOU's TWG 
mechanism involves NSA in all NIST activities 
related to information-security standards and 
technical guidelines, as well as proposed research 
programs that would support them. The imple- 
mentation mechanisms defined by the MOU in- 
clude mandatory review by the TWG, prior to 
public disclosure, of "all matters regarding techni- 
cal systems security techniques to be developed 



for use in protecting sensitive information in fed- 
eral computer systems to ensure they are consis- 
tent with the national security of the United 
States." 180 If NIST and NSA cannot resolve such 
an issue within 60 days, either agency can elect to 
raise it to the Secretary of Defense and Secretary 
of Commerce, or to the President through the Na- 
tional Security Council. No action can be taken on 
an issue until it is resolved. Thus, the MOU provi- 
sions give NSA power to delay and/or appeal any 
NIST research programs involving "technical sys- 
tem security techniques" (such as encryption), or 
other technical activities that would support (or 
could lead to) proposed standards or guidelines 
that NSA would ultimately object to. 181 

NSA reviewers who commented on a draft of 
this OTA report disagreed with this interpretation. 
According to these reviewers, the Computer Secu- 
rity Act did not take into account that the tech- 
niques NIST would consider in developing 
standards for information systems that process un- 
classified information: 

. . . have the potential to thwart law enforcement 
and national intelligence activities, NIST recog- 
nized that they needed a mechanism to obtain 
NSA's expertise and to understand the risk that 
certain security techniques could pose for these 
activities. Moreover, they needed to understand 
these risks before the proposed standards were 
promulgated and the damage was done. The 
MOU between NIST and NSA provided this 
mechanism. Rather than delay NIST standards, 
the MOU process provides NIST critical in- 
formation it needs in formulating the stan- 
dards. 182 

In subsequent discussions with OTA staff, NSA 
officials reiterated this point and explained that 



178 Letter to Chairman John Conyers, Committee on Government Operations, from Robert A. Mosbacher, Secretary of Commerce, Feb. 
28, 1990. An enclosure to this letter elaborates on matters raised by the committee staff in a meeting on Jan. 3, 1990. (The MOU and both the 
December 1989 and February 1990 letters are found in appendix B of this report.) 

179 GAO, op. cit., footnote 48, p. 5, using the DSS as evidence. 

180 MOU, op. cit., footnote 173, sec. III(7). 

181 Ibid., secs. III(5)-(7). See also M.J. Socolar, op. cit., footnote 175, pp. 45-46. 

182 Roger M. Callahan, NSA, letter to Joan D. Winston, OTA, May 6, 1994, p. 4. 
the appeals process specified in the Computer Se- 
curity Act (see below) would come too late in the 
standards process to avoid harming national-secu- 
rity and law-enforcement interests. 183 

NIST's most recent efforts to develop a public- 
key standard and a digital signature standard have 
focused concerns on the MOU and the working 
relationship between NIST and NSA. NIST stan- 
dards activities related to public-key cryptogra- 
phy and digital signatures have proceeded 
intermittently for over 12 years. Much of the origi- 
nal delay (i.e., 1982-89) appears to have been due 
to national-security, nonproliferation concerns 
voiced by NSA. 184 (The most recent delay re- 
sulted from patent-licensing problems — see ap- 
pendix C.) 

NBS (now, NIST) originally published a "Soli- 
citation for Public Key Cryptographic Algo- 
rithms" in the Federal Register on June 30, 1982. 
According to the results of a classified investiga- 
tion by GAO, NBS abandoned this standards ac- 
tivity at the request of NSA. 185 In 1989, after the 
Computer Security Act, NIST again began discus- 
sions with NSA about promulgating a public-key 
standard that could be used for signatures. These 
discussions were conducted through the Technical 
Working Group mechanism established in the 
MOU, which had been signed earlier that year. 



According to GAO, at the start of these discus- 
sions, the NIST members of the Technical Work- 
ing Group had preferred the RSA algorithm 
because it could be used for signatures and also 
could encrypt for confidentiality (and, therefore, 
be used for cryptographic key management/ex- 
change). 186 According to GAO, the plan to select 
a public-key algorithm that could do both signa- 
tures and key exchange was terminated in favor of 
a technique, developed under NSA funding, that 
only did signatures. 187 Another motive for select- 
ing a different algorithm was that the RSA method 
was patented, and NIST wanted to develop a roy- 
alty-free standard. 

NSA's algorithm is the basis for the DSS. It per- 
forms the signature function but does not encrypt 
for purposes of confidentiality or secure key dis- 
tribution. The Capstone and TESSERA imple- 
mentations of the EES encryption algorithm also 
include digital signature and key-exchange algo- 
rithms, but as of June 1994 this key-exchange al- 
gorithm was not part of a FIPS. 
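The algebraic point made above, that a DSS key pair signs and verifies but cannot encrypt, while an RSA key pair can do both and so can also carry a secret key, as an added example that is not part of the OTA report or any NIST/NSA code. It implements the DSA signing and verification equations over self-generated toy domain parameters (40-bit q, 64-bit p) and uses the classic textbook RSA key n = 61 * 53; the message, the toy session key and the parameter sizes are constructed for illustration, and nothing is padded or validated, so none of it is secure.

```python
"""Toy DSA (the DSS algorithm) beside textbook RSA. Added example, not code
from the OTA report or from NIST/NSA: a DSA key pair can only sign and
verify, while an RSA key pair can also encrypt and so transport a secret
key. Toy sizes, no padding, no parameter validation: illustrative only."""
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n: int) -> bool:
    """Miller-Rabin; deterministic for 1 < n < 3.3e24 with these bases."""
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def dsa_params(q_bits: int = 40, p_bits: int = 64) -> tuple:
    """Deterministic toy primes p, q with q | p - 1, and a generator g of
    the order-q subgroup of Z_p^* (g = h^((p-1)/q) mod p with g != 1)."""
    q = (1 << (q_bits - 1)) | 1
    while not is_prime(q):
        q += 2
    k = (1 << (p_bits - 1)) // q + 1
    while not is_prime(k * q + 1):
        k += 1
    p, h = k * q + 1, 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)

DSA_P, DSA_Q, DSA_G = dsa_params()

def hash_mod(message: bytes, modulus: int) -> int:
    """SHA-256 of the message, reduced into the toy-sized group."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % modulus

def dsa_keygen() -> tuple:
    """Private x in [1, q-1]; public y = g^x mod p."""
    x = secrets.randbelow(DSA_Q - 1) + 1
    return x, pow(DSA_G, x, DSA_P)

def dsa_sign(x: int, message: bytes) -> tuple:
    """Return (r, s); retries when r or s is zero, as DSS requires."""
    h = hash_mod(message, DSA_Q)
    while True:
        k = secrets.randbelow(DSA_Q - 1) + 1  # fresh per-signature nonce
        r = pow(DSA_G, k, DSA_P) % DSA_Q
        if r == 0:
            continue
        s = (pow(k, -1, DSA_Q) * (h + x * r)) % DSA_Q
        if s != 0:
            return r, s

def dsa_verify(y: int, message: bytes, sig: tuple) -> bool:
    """Standard DSS check: ((g^u1 * y^u2) mod p) mod q == r."""
    r, s = sig
    if not (0 < r < DSA_Q and 0 < s < DSA_Q):
        return False
    w = pow(s, -1, DSA_Q)
    u1 = (hash_mod(message, DSA_Q) * w) % DSA_Q
    u2 = (r * w) % DSA_Q
    return (pow(DSA_G, u1, DSA_P) * pow(y, u2, DSA_P)) % DSA_P % DSA_Q == r

# Textbook RSA with the classic toy key: n = 61 * 53, e = 17, d = 2753.
RSA_N, RSA_E, RSA_D = 3233, 17, 2753

def rsa_public(m: int) -> int:   # encrypt, or recover a signed hash
    return pow(m, RSA_E, RSA_N)

def rsa_private(m: int) -> int:  # decrypt, or sign a hash
    return pow(m, RSA_D, RSA_N)

def demo() -> dict:
    """Sign with both schemes; only RSA can also carry a secret key."""
    msg = b"constructed sample message"  # constructed input
    x, y = dsa_keygen()
    h = hash_mod(msg, RSA_N)
    return {
        "dsa_ok": dsa_verify(y, msg, dsa_sign(x, msg)),
        "dsa_tampered": dsa_verify(y, msg + b"!", dsa_sign(x, msg)),
        "rsa_sig_ok": rsa_public(rsa_private(h)) == h,
        "rsa_key_transport": rsa_private(rsa_public(1234)) == 1234,  # toy key
    }
```

The RSA side has a trapdoor permutation, so the same key pair serves signature (apply d, check with e) and key transport (apply e, recover with d). The DSA side exposes only y = g^x mod p, which verifiers can use to check (r, s) but which gives no way to send anything to the key holder; that is why the text notes that key exchange needed a separate algorithm in the Capstone/TESSERA implementations.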

As originally proposed in 1991, the DSS met 
with several types of criticism. Some criticisms 
were on technical grounds, including the strength 
of the algorithm. In response, NIST and NSA re- 
vised the proposed standard, increasing the maxi- 
mum size of the modulus from 512 to 1,024 



183 Clinton Brooks, Special Assistant to the Director, NSA, personal communication, May 25, 1994. 

184 Public-key cryptography can be used for data encryption, digital signatures, and in cryptographic key management/exchange (to se- 
curely distribute secret keys). Current federal standards initiatives take the approach of devising ways to do signatures (i.e., the DSS) and key 
distribution without also providing data encryption capabilities. 

185 GAO, op. cit., footnote 48, p. 20. 

186 Ibid. GAO based this conclusion on NIST memoranda. 

187 Ibid., pp. 20-21. GAO based this conclusion on NIST memoranda. See also the series of NIST/NSA Technical Working Group minutes 
from May 1989 to August 1991, published in "Selected NIST/NSA Documents Concerning the Development of the Digital Signature Standard 
Released in Computer Professionals for Social Responsibility v. National Institute of Standards and Technology, Civil Action No. 92-0972," 
Computer Professionals for Social Responsibility, The Third Cryptography and Privacy Conference Source Book, June 1993. (Note: According 
to NSA, the materials obtained through the Freedom of Information Act are not a true picture of all the different levels of discussion that took 
place during this period, when NIST management and NSA were in agreement regarding the development of a signature standard. Clinton 
Brooks, Special Assistant to the Director, NSA, personal communication, May 25, 1994.) 

See also D.K. Branstad and M.E. Smid, "Integrity and Security Standards Based on Cryptography," Computers & Security, vol. 1 (1982), 
pp. 255-260; Richard A. Danca, "Torricelli Charges NIST with Foot-Dragging on Security," Federal Computer Week, Oct. 8, 1990, p. 9; and 
Michael Alexander, "Data Security Plan Bashed," Computerworld, July 1, 1991, p. 1. 
bits. 188 (Increasing the number of bits in the mo- 
dulus increases strength, analogous to increasing 
the length of a key.) Other criticisms focused on 
possible patent infringement and licensing issues 
(see appendix C). The DSS was finished and is- 
sued by the Commerce Department in May 1994, 
to take effect on December 1, 1994, with the state- 
ments that: 

NIST has addressed the possible patent in- 
fringement claims, and has concluded that there 
are no valid claims. 189 

The Department of Commerce is not aware 
of any patents that would be infringed by this 
standard. 190 

As this report went to press, the possibility of in- 
fringement litigation was still open (see appendix 
C). 

The Computer Security Act envisioned a dif- 
ferent standards-appeal mechanism. According to 
the act, the President could disapprove or modify 
standards or guidelines developed by NIST and 
promulgated by the Secretary of Commerce, if he 
or she determined such an action to be in the pub- 
lic interest. The President cannot delegate author- 
ity to disapprove or modify proposed NIST 
standards. 191 Should the President disapprove or 
modify a standard or guideline that he or she deter- 
mines will not serve the public interest, notice of 
such action must be submitted to the House Com- 
mittee on Government Operations and the Senate 
Committee on Governmental Affairs and must be 
published promptly in the Federal Register. 192 By 
contrast, interagency discussions and negoti- 
ations by agency staffs under the MOU can result 
in delay, modification, or abandonment of pro- 



posed NIST standards activities, without notice or 
the benefit of oversight that is required by law. 

NIST and NSA disagree with this conclusion. 
According to NIST and NSA officials, NIST has 
retained its full authority in issuing the FIPS and 
NSA's role is merely advisory. In May 1994 testi- 
mony before the House and Senate, the NIST 
Deputy Director stated that: 

The Act, as you are aware, authorizes NIST 
to draw upon computer security guidelines de- 
veloped by NSA to the extent that NIST deter- 
mines they are consistent with the requirements 
for protecting sensitive information in federal 
computer systems. In the area of cryptography, 
we believe that federal agencies have valid re- 
quirements for access to strong encryption (and 
other cryptographic-related standards) for the 
protection of their information. We were also 
aware of other requirements of the law enforce- 
ment and national security community. Since 
NSA is considered to have the world's foremost 
cryptographic capabilities, it only makes sense 
(from both a technological and economic point 
of view) to draw upon their guidelines and skills 
as useful inputs to the development of standards. 
The use of NSA-designed and -tested algorithms 
is fully consistent with the Act. We also work 
jointly with NSA in many other areas, including 
the development of criteria for the security eval- 
uation of computer systems. They have had 
more experience than anyone else in such evalu- 
ations. As in the case of cryptography, this is an 
area in which NIST can benefit from NSA's ex- 
pertise. 193 

According to the NSA Director: 

Our role in support of [the Clinton Adminis- 
tration's key escrow initiative] can be summed 



188 "Digital Signature Standard (DSS) — Draft," FIPS PUB XX, National Institute of Standards and Technology, Feb. 1, 1993. 

189 Federal Register, May 19, 1994, op. cit., footnote 16, p. 26209. 

190 Ibid., p. 26210; also NIST, op. cit., footnote 26, p. 3. 

191 Computer Security Act of 1987, sec. 4. 

192 Ibid. 

193 Kammer testimony, May 3, 1994, op. cit., footnote 13, pp. 12-13. (The same written testimony was presented to the Subcommittee on 
Technology and Law, Committee on the Judiciary, U.S. Senate, in the morning and to the Subcommittee on Technology, Environment and Avi- 
ation, Committee on Science, Space, and Technology, U.S. House of Representatives, in the afternoon.) 
up as "technical advisors" to [NIST] and the 
FBI. 

As the nation's signals intelligence (SIGINT) 
authority and cryptographic experts, NSA has 
long had a role to advise other government orga- 
nizations on issues that relate to the conduct of 
electronic surveillance or matters affecting the 
security of communications systems. Our func- 
tion in the latter category became more active 
with the passage of the Computer Security Act 
of 1987. The act states that the National Bureau 
of Standards (now NIST) may, where appropri- 
ate, draw upon the technical advice and assist- 
ance of NSA. It also provides that NIST must 
draw upon computer system technical security 
guidelines developed by NSA to the extent that 
NIST determines that such guidelines are con- 
sistent with the requirements for protecting sen- 
sitive information in federal computer systems. 
These statutory guidelines have formed the ba- 
sis for NSA's involvement with the key escrow 
program. 

Subsequent to the passage of the Computer 
Security Act, NIST and NSA formally executed 
a memorandum of understanding (MOU) that 
created a Technical Working Group to facilitate 
our interactions. The FBI, though not a signato- 
ry to the MOU, was a frequent participant in our 
meetings. . . In the ensuing discussions, the FBI 
and NIST sought our technical advice and ex- 
pertise in cryptography to develop a technical 
means to allow for the proliferation of top quali- 
ty encryption technology while affording law 
enforcement the capability to access encrypted 
communications under lawfully authorized 
conditions. 194 
In discussions with OTA, officials from both 
agencies maintained that no part of the MOU is 
contrary to the Computer Security Act of 1987, 
and that the controversy and concerns are due to 



misperceptions. 195 When OTA inquired about the 
MOU/TWG appeals process in particular, offi- 
cials in both agencies maintained that it does not 
conflict with the Computer Security Act of 1987 
because the MOU process concerns proposed re- 
search and development projects that could lead to 
future NIST standards, not fully-developed NIST 
standards submitted to the Secretary of Com- 
merce or the President. 196 GAO has previously 
noted that NIST considered the process appropri- 
ate because: 

. . . NSA presented compelling national security 
concerns which warranted early review and dis- 
cussion of NIST's planned computer security re- 
lated research and development. If concerns 
arise, NSA wanted a mechanism to resolve 
problems before projects were initiated. 197 

In discussions with OTA, senior NIST and NSA 
staff stated that the appeals mechanism specified 
in the Computer Security Act has never been used, 
and pointed to this as evidence of how well the 
NIST/NSA relationship is working in implement- 
ing the act. 198 These agency officials also told 
OTA that the working interactions between the 
agency staffs have improved over the past few 
years. In discussions with OTA staff regarding a 
draft of this OTA report, Clinton Brooks, Special 
Assistant to the Director of NSA, stated that cryp- 
tography presents special problems with respect 
to the Computer Security Act, and that if NSA 
waited until NIST announced a proposed standard 
to voice national security concerns, the technolo- 
gy would already be "out" via NIST's public stan- 
dards process. 199 

However, even if implementation of the Com- 
puter Security Act of 1987, as specified in the 



194 McConnell testimony, op. cit., footnote 8, pp. 1-2. Similar passage in Clinton Brooks testimony, op. cit., footnote 154, pp. 1-2. 

195 OTA staff interviews with NIST and NSA officials in October 1993 and January 1994. See also Socolar, op. cit., footnote 153, p. 45. 

196 OTA staff interviews, ibid. 

197 Socolar, op. cit., footnote 153, p. 45. 

198 OTA staff interview with M. Rubin (Deputy Chief Counsel, NIST) on Jan. 13, 1994 and with four NSA staff on Jan. 19, 1994. 

199 Clinton Brooks, Special Assistant to the Director, NSA, personal communication, May 25, 1994. 






MOU, is satisfactory to both NIST and NSA, this 
is not proof that it meets Congress' expectations in 
enacting that legislation. Moreover, chronic pub- 
lic suspicions of and concerns with federal safe- 
guard standards and processes are 
counterproductive to federal leadership in pro- 
moting responsible use of safeguards and to pub- 
lic confidence in government. 

With respect to the EES, many public concerns 
stem from the secrecy of the underlying SKIP- 
JACK algorithm, and from the closed processes 
by which the EES was promulgated and is be- 
ing deployed. Some of these secrecy-related con- 
cerns on the part of industry and the public have 
focused on the quality of the algorithm and hesita- 
tion to use federal endorsement alone (rather than 
consensus and widespread inspection) as a quality 
guarantee. 200 Others have focused on another 
consequence of the use of a classified algorithm — 
the need to make it only available in tamper-resis- 
tant modules, rather than in software. Still other 
concerns related to secrecy focus on a situation 
where: 

. . . authority over the secret technology under- 
lying the standard [FIPS 185] and the documents 
embodying this technology, continues to reside 
with NSA. We thus have a curious arrangement 
in which a Department of Commerce standard 
seems to be under the effective control of a De- 
partment of Defense agency. This appears to 
violate at least the spirit of the Computer Securi- 
ty Act and strain beyond credibility its provi- 
sions for NIST's making use of NSA's 
expertise. 201 

To remedy this, Whitfield Diffie, among others, 
has suggested that: 

Congress should press the National Institute 
of Standards and Technology, with the coopera- 



tion of the National Security Agency, to declas- 
sify the SKIPJACK algorithm and issue a 
revised version of FIPS 185 that specifies the al- 
gorithm and omits the key escrow provisions. 
This would be a proper replacement for FIPS 46, 
the Data Encryption Standard, and would serve 
the needs of the U.S. Government, U.S. industry, 
and U.S. citizens for years to come 202 

It may be the case that using two executive 
branch agencies as the means to effect a satisfacto- 
ry balance between national security and other 
public interests in setting safeguard standards will 
inevitably be limited, due to intrabranch coordina- 
tion mechanisms in the National Security Council 
and other bodies. These natural coordination 
mechanisms will determine the balance between 
national-security interests, law-enforcement in- 
terests, and other aspects of the public interest. 
The process by which the executive branch 
chooses this balancing point may inevitably be 
obscure outside the executive branch. (For exam- 
ple, the Clinton Administration's recent cryptog- 
raphy policy study is classified, with no public 
summary.) Public "visibility" of the decision 
process is through its manifestations — in a FIPS, 
in export policies and procedures, and so forth. 
When the consequences of these decisions are 
viewed by some (or many) of the public as not 
meeting important needs, or when the govern- 
ment's preferred technical "solution'' is not con- 
sidered useful, a lack of visibility, variety, and/or 
credible explanation fosters mistrust and frustra- 
tion. 

Technological variety is important in meeting 
the needs of a diversity of individuals and commu- 
nities. Sometimes federal safeguard standards are 
eventually embraced as having broad applicabili- 
ty. But it is not clear that the government can — or 



200 A more open inspection process prior to issuance of the EES would have allowed issues like the possible protocol failures in implement- 
ing the law-enforcement access field to be dealt with before they became sensationalized in the press. See John Markoff, "Flaw Discovered 
in Federal Plan for Wiretapping," The New York Times, June 2, 1994, p. 1 and p. D17; and "At AT&T, No Joy in Clipper Flaw," The New York 
Times, June 3, 1994, pp. D1, D2. 

201 Diffie testimony, op. cit., footnote 24, p. 6. 

202 Ibid., pp. 10- M. 
should — develop all-purpose technical safeguard 
standards, or that the safeguard technologies be- 
ing issued as the FIPS can be made to meet the full 
spectrum of user needs. More open processes for 
determining how safeguard technologies are to be 
developed and/or deployed throughout society 
can better ensure that a variety of user needs are 
met equitably. 

If it is in the public interest to provide a wider 
range of technical choices than those provided by 
government-certified technologies (i.e., the 
FIPS), then vigorous academic and private-sector 
capabilities in safeguard technologies are re- 
quired. For example, private users and corpora- 
tions might want the option of using third-party 
deposit or trusteeship services for cryptographic 
keys, in order to guard against accidental loss or 
destruction of keys, in order to provide for "digital 
powers of attorney," and so forth. 203 But, al- 
though private-sector use of the EES is voluntary, 
if the EES is used, key escrowing is not "option- 
al." Private-sector users that don't want the es- 
crowing arrangements the government has 
associated with the EES must look elsewhere. 204 
As another example, private-sector users who 
want to increase the security provided by DES- 
based technologies can look to "triple-encryption 



DES," but not to any federal guidance (i.e., a 
FIPS) in implementing it. 

■ Executive Branch Implementation of 
Cryptography Policy 

In early 1994, the Clinton Administration an- 
nounced that it had established an interagency 
Working Group on Encryption and Telecommu- 
nications to implement its encryption policy and 
review changes as developments warrant. The 
working group is chaired by the Office of Science 
and Technology Policy (OSTP) and the National 
Security Council (NSC) and includes representa- 
tives of the agencies that participated in the ten- 
month Presidential review of the impact of 
encryption technology and advanced digital tele- 
communications. 205 According to the announce- 
ment, the working group will develop 
recommendations on encryption policies and will 
"attempt to reconcile the need of privacy and the 
needs of law enforcement." 206 The group will 
work with industry to evaluate possible alterna- 
tives to the EES. It will work closely with the In- 
formation Policy Committee of the Information 
Infrastructure Task Force and will seek private- 
sector input both informally and through groups 



203 See Parker, op. cit., footnote 9. Parker describes problems that could occur in organizations if cryptography is used without adequate 
key management and override capabilities by responsible corporate officers. These problems include keys being held for ransom by disgruntled 
employees and data being rendered inaccessible after being encrypted by employees who then leave to start their own company. 

204 Use of the technique specified in the EES is not the only means by which a variety of keyholder arrangements can be designed and 
implemented. See, e.g., David J. Farber, Professor of Telecommunications Systems, University of Pennsylvania, testimony before the Subcom- 
mittee on Technology, Environment, and Aviation, Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 
1994; Frank W. Sudia, Bankers Trust Co., "Bankers Trust Company International Corporate Key Escrow," February 1994; Silvio Micali, MIT 
Laboratory for Computer Science, "Fair Cryptosystems," MIT/LCS/TR-579.b, November 1993; and Silvio Micali, MIT Laboratory for Com- 
puter Science, "Fair Cryptosystems vs. Clipper Chip: A Brief Comparison," Nov. 11, 1993. 

The Bankers Trust approach is an alternative key-escrow encryption technique based on general-purpose trusted devices and public-key 
certificates. According to Bankers Trust, it is designed for worldwide business use without requiring government escrow agents. 

Micali describes how any public-key cryptosystem can be transformed into a fair one that preserves the security and efficiency of the 
original, while allowing users to select the algorithm they prefer, select all their own secret keys, and use software implementations if desired. 
Fair cryptosystems incorporate a decentralized process for distributing keys to trustees and ensure that court-authorized wiretapping ends at 
the prescribed time. See Silvio Micali, U.S. Patent 5,276,737 (issued Jan. 4, 1994, application filed Apr. 20, 1992) and U.S. Patent 5,315,658 
(issued May 24, 1994, application filed Apr. 19, 1993). The federal government plans to license these patents from Micali (NIST press release, 
July 11, 1994). 

205 White House press release, "Working Group on Encryption and Telecommunications," Feb. 4, 1994. These agencies will include the 
State Department, Justice Department, Commerce Department (including NIST), DOD, the Treasury Department, OMB, NSA, the Federal Bu- 
reau of Investigation, and the National Economic Council (ibid.). 

206 Ibid. 
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like the National Security Telecommunications 
Advisory Committee, CSSPAB, and the Advisory 
Council on the National Information Infrastruc- 
ture. 

The Clinton Administration made a start at working more closely and more openly with industry through a Key Escrow Encryption Workshop held at NIST on June 10, 1994. The workshop was attended by representatives of many of the leading computer hardware and software companies, as well as attendees from government (including OTA) and academia. One of the assumptions stated as the basis for subsequent action was that, "the results of the deliberations between the government and private sector shall be publicly disclosed, consistent with the national security interests of the country." 207 The "proposed action plan" subsequent to the NIST workshop called for:

1. attendees to prepare corporate positions on working with the government to seek "other" approaches to key-escrow encryption. Papers were to be submitted to NIST by July 1, 1994.

2. establishment of joint industry-government working groups (with NIST leadership) to: evaluate all known key-escrowing proposals according to criteria jointly developed by government and industry; hold a public seminar/workshop to discuss and document the results of this analysis; and prepare a report that will be used as the basis of subsequent discussions between "senior government officials and members of the private sector."

3. Other activities, including examination of existing vehicles for collaborative government-industry research and development, development of criteria for determining the suitability of encryption algorithms to be used in conjunction with key escrowing, examination of intellectual-property and royalty issues related to alternative key-escrowing techniques, and creation of a government key-escrowing task force to manage and expedite the search for key-escrow alternatives. The task force would be run by NIST under policy guidance of the interagency working group led by OSTP and NSC. 208

Based on the discussion and industry presentations at the meeting, there was increasing interest in exploring "other" approaches to key-escrow encryption that can be implemented in software, rather than just in hardware.

On July 20, 1994, acknowledging industry's concerns regarding encryption and export policy, Vice President Al Gore sent a letter to Representative Maria Cantwell that announced a "new phase" of cooperation among government, industry, and privacy advocates. This will include undertaking presidential studies of the effects of U.S. export controls and working with industry to explore alternative types of key-escrow encryption for use in computer networks. Key-escrow encryption based on unclassified algorithms or implemented in software will be among the alternatives to be explored. Escrow-system safeguards, use of nongovernmental key-escrow agents, and liability issues will also be explored. However, this exploration is in the context of computer and video networks, not telephony; the present EES (Clipper chip) would still be used for telephone systems.

Additionally, the Advisory Council on the National Information Infrastructure has initiated a "Mega-Project" on privacy, security, and intellectual property that will address applications of cryptography as it sets about "defining and setting guidelines for personal privacy and intellectual property protection, outlining methods for protecting First Amendment rights, and for addressing national security and emergency preparedness." 209 The Advisory Council and the NII Security Issues Forum held a public meeting on July 15, 1994, to gather input from various user communities regarding their needs and concerns with respect to NII security.

207 "Proposed Post Meeting Action Plan," presented at Key Escrow Encryption Workshop, NIST, June 10, 1994 (assumptions).

208 "Proposed Post Meeting Action Plan," presented at Key Escrow Encryption Workshop, NIST, June 10, 1994 (action plan items 1-3). The NIST contact is Lynn McNulty, NIST Associate Director for Computer Security.

Key Escrowing for the EES

In the meantime, however, the Clinton Administration is investing in implementing key escrowing and the EES. In early 1994, NIST estimated it would take $14 million to establish the escrow system and $16 million in annual operating costs for the two agents. 210 Justice Department purchases of EES equipment were estimated at $12.5 million. 211

NIST is the program manager for key escrowing; the Department of Justice and the Federal Bureau of Investigation are family-key agents (the EES family key is used to encrypt the law enforcement access field). 212 In February 1994, Attorney General Reno designated NIST and Treasury's Automated Systems Division as the escrow agents for the EES (Clipper) chip-specific keys needed to gain access to encrypted communications. The Vice President reportedly deemed this an "interim solution," recognizing that having both escrow agents within the executive branch does little to quell concerns over the potential for misuse of the escrowing system. The Clinton Administration reportedly has been considering using private organizations or an office in the court system as agents. 213 By June 1994, NIST had escrowed 17,000 Clipper chip keys and was preparing for escrowing of Capstone chip keys. 214

The Administration is developing auditing and accountability controls to prevent misuse of keys (during programming of the chips or in the escrow agencies) and to increase public confidence. According to NIST, these physical-security and institutional controls include:

■ magnetically "wiping" computer memories;
■ locking computers in secure facilities;
■ using cleared staff;
■ using shrink-wrapped software;
■ using safes and secure areas to store programmed EES chips and key components;
■ packaging key components in tamper-evident security packaging, with serial numbers;
■ logging when key components are placed in and removed from safes;
■ using "dual controls" for two-person security, requiring two individuals to get at an escrowed key component;
■ using split knowledge — two escrow agents each have one of the two key components;
■ using redundancy in storage and transportation of key components;
■ encrypting stored key components at each site; and
■ ensuring that key components never appear in the clear outside of a computer — the escrow agents never see them. 215
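The split-knowledge, dual-control and logging items in the list above, modelled as an added example (this is not NIST or EES code; the XOR rule for combining components, the two-approver release rule, and the agent names and chip serial are assumptions of the model): each agent holds one component, a single component says nothing about the unit key, and no component leaves a site without two distinct approvers.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass, field


def split_key(unit_key: bytes) -> tuple[bytes, bytes]:
    """Split a unit key into two components with c1 XOR c2 == unit_key.

    c1 is fresh randomness, so each component on its own is uniformly
    distributed and carries no information about the key (split knowledge).
    """
    c1 = secrets.token_bytes(len(unit_key))
    c2 = bytes(a ^ b for a, b in zip(unit_key, c1))
    return c1, c2


def combine(c1: bytes, c2: bytes) -> bytes:
    """Recover the unit key; both components are required."""
    if len(c1) != len(c2):
        raise ValueError("component length mismatch")
    return bytes(a ^ b for a, b in zip(c1, c2))


def consistent_partner(c1: bytes, candidate_key: bytes) -> bytes:
    """Given only c1, return the c2 under which candidate_key would be the key.

    Such a c2 exists for every candidate, which is why one escrowed component
    reveals nothing about the key it protects.
    """
    return bytes(a ^ b for a, b in zip(c1, candidate_key))


@dataclass
class EscrowAgent:
    """One escrow site: holds one component per chip serial and keeps a log."""

    name: str
    vault: dict[str, bytes] = field(default_factory=dict)
    log: list[str] = field(default_factory=list)

    def deposit(self, serial: str, component: bytes) -> None:
        """Log the deposit of a serial-numbered component; refuse duplicates."""
        if serial in self.vault:
            raise ValueError(f"{self.name}: serial {serial} already escrowed")
        self.vault[serial] = component
        self.log.append(f"{self.name} DEPOSIT serial={serial}")

    def release(self, serial: str, approvers: tuple[str, ...]) -> bytes:
        """Dual control: two distinct individuals must approve a release."""
        distinct = sorted(set(approvers))
        if len(distinct) < 2:
            self.log.append(f"{self.name} DENIED serial={serial} approvers={distinct}")
            raise PermissionError("dual control: two distinct approvers required")
        if serial not in self.vault:
            raise KeyError(f"{self.name}: no component for serial {serial}")
        self.log.append(f"{self.name} RELEASE serial={serial} approvers={distinct}")
        return self.vault[serial]


def escrow_chip(serial: str, unit_key: bytes,
                agent_a: EscrowAgent, agent_b: EscrowAgent) -> None:
    """Split a chip's unit key and deposit one component with each agent."""
    c1, c2 = split_key(unit_key)
    agent_a.deposit(serial, c1)
    agent_b.deposit(serial, c2)


def recover_unit_key(serial: str, agent_a: EscrowAgent, agent_b: EscrowAgent,
                     approvers_a: tuple[str, ...],
                     approvers_b: tuple[str, ...]) -> bytes:
    """Reassemble a key: each agent releases under its own dual control."""
    return combine(agent_a.release(serial, approvers_a),
                   agent_b.release(serial, approvers_b))


def demo() -> bytes:
    """Escrow a constructed key with two agents, then recover it."""
    nist, treasury = EscrowAgent("NIST"), EscrowAgent("Treasury")
    unit_key = bytes.fromhex("00112233445566778899")  # constructed sample key
    escrow_chip("CHIP-000001", unit_key, nist, treasury)  # constructed serial
    return recover_unit_key("CHIP-000001", nist, treasury,
                            ("agent-a1", "agent-a2"), ("agent-b1", "agent-b2"))


if __name__ == "__main__":
    print(demo().hex())  # prints 00112233445566778899
```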



209 National Information Infrastructure Advisory Council announcement, Apr. 25, 1994.

210 Federal Register, vol. 59, Feb. 9, 1994, pp. 11-12. OTA asked for, but did not receive, any subsequent cost figures.

211 Roger Callahan, op. cit., footnote 182, point 52.

212 Miles Smid, NIST, "The U.S. Government Key Escrow System," presentation at NIST Key Escrow Encryption Workshop, June 10, 1993.

213 See Brad Bass, "White House To Pick Third Party To Hold One Set of Decryption Keys," Federal Computer Week, Mar. 28, 1994, p. X and Kevin Power, "Exactly Who Will Guard Those Data Encryption Keys?" Government Computer News, Apr. 18, 1994, p. 10.

214 Miles Smid, Manager, Security Technology Group, NIST, personal communication, May 25, 1994; and Miles Smid, op. cit., footnote 212, June 10, 1994. See also Dorothy E. Denning and Miles Smid, "Key Escrowing Today," IEEE Communications, in press (September 1994).

215 Ibid.
A June 1994 NIST summary of key-escrow program activities included: preparation for programming of Capstone chips, modification of the Secure Hash Algorithm to include the technical correction announced in April 1994, search for a possible new escrow agent, and review of "target system" requirements for the key-escrowing system. As of June 1994, according to NIST, the interim key-escrowing system was using prototype components, research and development software, and a combination of manual and automated operations.

The "target" key-escrowing system will have an upgraded chip programming facility, use cryptographic functions to automate key transportation, develop a trusted escrow agent workstation, and complete a trusted decryption processor. 216 According to NIST, the key-escrow program is in the second of four phases of development. Phase 1 (September 1993 through March 1994) saw establishment of a prototype chip programming facility and manual procedures for handling and storage of escrow components; there was no decryption processor. In phase 2 (April 1994 — ), there is a prototype decryption processor, a simple key-component extraction program, and manual key-component release procedures. Phase 3 will see the first release of a target chip programming facility and an escrow-agent workstation; phase 4 will see deployment of the final operating capability for all escrowing subsystems. 217

Although these facilities, procedures, and security measures have been developed specifically for the EES and other implementations of the SKIPJACK key-escrow encryption algorithm, they could be made applicable to other forms of escrowed encryption, including software-based key-escrow approaches. Some of the established procedures and security measures would have to be modified and/or augmented for software-based escrowed encryption. For encryption (of any type) implemented in software, the integrity and reliability of the software program and code is of paramount importance.

STRATEGIC AND TACTICAL CONGRESSIONAL ROLES

Congress has vital strategic roles in cryptography policy and, more generally, in safeguarding information and protecting personal privacy in a networked society. This chapter has examined these issues as they relate to federal safeguard standards and to agency roles in safeguarding information. Other controversies — current ones like digital telephony and future ones regarding electronic cash and commerce — will involve similar issues and can be dealt with within a sufficiently broad strategic framework.

Cryptography is a fundamental tool for safeguarding information and, therefore, it has become a technology of broad application. Despite the growth in nongovernmental cryptographic research and safeguard development over the past 20 years, the federal government still has the most expertise in cryptography and cryptanalysis. Thus, federal standards (the FIPS) have substantial significance for the development and use of these technologies. The nongovernmental market for cryptography products has grown in the last 20 years or so, but is still developing. Export controls also have substantial significance for the development and use of these technologies.

Therefore, Congress's choices in setting national cryptography policies (including standards and export controls) affect information security and privacy in society as a whole. Congress has an even more direct role in establishing the policy guidance within which federal agencies safeguard information, and in oversight of agency and OMB measures to implement information security and privacy requirements. This section presents options for congressional consideration with respect to safeguarding information in federal agencies and to national cryptography policy. Congress has both strategic and tactical options in dealing with cryptography.

216 Miles Smid, op. cit., footnote 212, June 10, 1994.

217 Ibid.

The Need for More Open Processes

More open policies and processes can be used to increase equity and acceptance in implementing cryptography and other technologies. The current controversies over cryptography can be characterized in terms of tensions between the government and individuals. They center on the issue of trust in government. Trust is a particular issue in cases like cryptography, when national-security concerns require an asymmetry of information between the government and the public. Government initiatives of broad public application, formulated in secret and executed without legislation, naturally give rise to concerns over their intent and application. There is a history of concern over use of presidential national-security directives — often classified and not publicly released 218 — to make and execute policy:

Implementation of policy decisions through the issuance of undisclosed directives poses a significant threat to Congress' ability to discharge its legislative and oversight responsibilities under the Constitution. Operational activities undertaken beyond the purview of the Congress foster a grave risk of the creation of an unaccountable shadow government — a development that would be inconsistent with the principles underlying our republic. 219

The process by which the EES was selected and approved was closed to those outside the executive branch. Furthermore, the institutional and procedural means by which the EES is being deployed (such as the escrow management procedures) continue to be developed in a closed forum. In May 1994 testimony before the House Subcommittee on Technology, Environment, and Aviation, David Farber (University of Pennsylvania) stated that "open technical processes are best for solving hard problems," such as the need for technology and public policy that:

. . . assure[s] privacy and security, enables law enforcement to continue to do its job, and, at the same time, respects fundamental civil liberties which are at the heart of our constitutional system of government. 220

Farber called for a more open process for evolving proposals like the EES:

While I recognize that a small part of cryptography will always be classified, most of the development of the proposed escrow system has been taking place in those room[s] (not smoke-filled any more). This process must be brought out into the sunshine of the technical and policy community. Proposals like Clipper must be evolved, if they are to have any chance of success, with the co-operation and understanding of the industrial and academic community and their enthusiastic cooperation rather than their mistrust. This penchant for openness must not be seen as a power struggle between industry and government, or as an excuse for revisiting a decision that technologists dislike for political reasons. Rather it is a reflection of a deep faith in open design processes and a recognition that closed processes invariably lead to solutions which are too narrow and don't last. 221

In calling for congressional action to ensure that overall cryptography policy is developed in a broader context, Jerry Berman of the Electronic Frontier Foundation (EFF) testified that Congress should seek the implementation of a set of public policies that would promote the widespread availability of cryptographic systems that seek "reasonable" cooperation with law enforcement and national security needs; promote constitutional rights of privacy and adhere to traditional, Fourth Amendment search and seizure rules; and maintain civilian control over public computer and communications security, in accordance with the Computer Security Act of 1987. 222

218 H. Rept. 100-153, Part II, op. cit., footnote 33, pp. 31-33. For example, the Congressional Research Service (CRS) reported to the House Committee on Government Operations that, between 1981 and 1987, over 200 National Security Decision Directives (NSDDs) had been issued by the Reagan Administration, and only five had been publicly disclosed. According to CRS, the NSDDs comprised an ongoing system of declared (but usually secret) U.S. policy statements that, even when available to the public, had to be requested in writing and were not published in the Federal Register (ibid.). NSDD-145 was one of the directives issued during this period.

219 H. Rept. 100-153, Part II, op. cit., footnote 33, p. 33.

220 Farber testimony, op. cit., footnote 204, p. 4.

221 Ibid., p. 5.

The CSSPAB's Call for a Broad Review of Cryptography

In early 1992, prompted by controversies over the proposed DSS, the Computer System Security and Privacy Advisory Board advised NIST to delay a decision on adopting a signature standard pending a broad national review on the uses of cryptography. 223 Noting the significant public policy issues raised during review of the proposed signature standard, the CSSPAB unanimously approved a resolution to the effect that "a national level public review of the positive and negative implications of the widespread use of public and secret key cryptography is required" in order to produce a "national policy concerning the use of cryptography in unclassified/sensitive government and the private sector." 224



After the escrowed-encryption initiative was announced by President Clinton in April 1993 — a complete surprise to the CSSPAB — the Board was asked by the Deputy Director of NIST to devote its June 1993 meeting to hearing public views on what was being called the Clipper program. 225 The Board then unanimously resolved to gather additional public and government input. The Board recommended that the interagency cryptography policy review that was part of the President's April 1993 announcement take note of the "serious concerns and problems" the CSSPAB had identified. 226 The CSSPAB subsequently held four more days of public hearings and resolved (not unanimously) that the preliminary concerns identified in the June hearings had been "confirmed as serious concerns which need to be resolved." 227 The Board strengthened its views on the importance of a broad national cryptography policy review, including Congress, before any new or additional cryptographic "solution" is approved as a U.S. government standard, in order to resolve the following issues:

1. the protection of law-enforcement and national-security interests;

2. the protection of U.S. computer and telecommunications interests in the international marketplace; and

3. the protection of U.S. persons' interests, both domestically and internationally. 228

This resolution stated that, ". . . the Congress of the U.S. must be involved in the establishment of cryptographic policy." 229

222 Jerry J. Berman, Executive Director, Electronic Frontier Foundation, testimony before the Subcommittee on Technology, Environment, and Aviation, Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 1994, pp. 13-14.

223 Minutes of the March 17-18, 1992 meeting of the CSSPAB (available from NIST). See also David K. Black, op. cit., pp. 439-440; Darryl K. Taft, "Board Finds NIST's DSS Unacceptable," Government Computer News, Dec. 23, 1991, pp. 1, 56; and Kevin Power, "Security Board Calls for Delay on Digital Signature," Government Computer News, Mar. 30, 1992, p. 1 14. In the public comments, negative responses outnumbered endorsements of the DSS by 90 to 13 (Power, ibid.).

224 CSSPAB Resolution No. 1 of Mar. 18, 1992. See discussion of this resolution and other CSSPAB activities in Willis H. Ware, Chairman, CSSPAB, testimony before the Subcommittee on Technology, Environment, and Aviation, Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 1994.

225 See Ware testimony, ibid., pp. 6-7. See also "Cryptographic Issue Statements," submitted to the Computer System Security and Privacy Advisory Board, revised June 25, 1993 (available from NIST) and "Summary of Comments Received by the Computer System Security and Privacy Advisory Board (in conjunction with its June 2-4, 1993 public meeting)," also available from NIST. A full transcript is also available from NIST.

226 CSSPAB Resolution No. 1 of June 4, 1993 and attachment. The Board noted that Congress should also play a role in the conduct and approval of the results of the review.

227 CSSPAB Resolution 93-5 of Sept. 1-2, 1993.

In May 1994 testimony, CSSPAB Chairman Willis Ware of the RAND Corp., noted that, from March 1992 to present, based on its publicly available record, the board has:

• focused attention of government agencies on the cryptographic issue;

• focused attention of the public and various private-sector organizations on the cryptographic issues;

• provided a forum in which public views as well as government views could be heard;

• assembled the only public record of ongoing activities and progress in the Clipper initiative; and

• created a public record for national cryptography policy, and its many dimensions — Clipper, Capstone [OTA note: these refer to implementations of the EES encryption algorithm], the DSS, public concerns, constitutional concerns. 230

The National Research Council Study

The Committees on Armed Services, Commerce, Intelligence, and Judiciary have asked the National Research Council (NRC) to undertake a two-year study of national policy with respect to the use and regulation of cryptography. 231 The study is intended to address how technology affects the policy options for various national interests (e.g., economic competitiveness with respect to export controls, national security, law enforcement, and individual privacy rights) and the process by which national cryptography policy has been formulated. It will also address the current and future capabilities of cryptographic technologies suitable for commercial use. In its Resolution 93-7, the CSSPAB endorsed the NRC study of national cryptography as the study that "best accomplishes" the Board's "repeated calls" for a national review. 232

In June 1994, the NRC was still forming the study committee; the chair and vice-chair had been selected. According to the study staff, once the committee process is fully under way, the committee will be soliciting the views of and input from as wide a constituency as possible; the committee hopes that those with interests in the topic will respond to calls for input "with thought and deliberation." 233 A subpanel of the committee will receive security clearance; the role of this subpanel will be to ensure that the findings of the study committee are "consistent with what is known in the classified world." 234

National Cryptography Policy

Congress has a major role in establishing the nation's cryptography policy. Just as cryptography has become a technology of broad application, so will decisions about cryptography policy have increasingly broad effects on society. The effects of policies about cryptography are not limited to technological developments in cryptography, or even to the health and vitality of companies that produce or use products incorporating cryptography. Instead, these policies will increasingly affect the everyday lives of most Americans. Cryptography will be used to help ensure the confidentiality and integrity of health records and tax returns. It will help speed the way to electronic commerce, and it will help manage copyrighted material in electronic form.

228 CSSPAB Resolution 93-6 of Sept. 1-2, 1993.

229 Ibid. See also Ware testimony, op. cit., footnote 224.

230 Ware testimony, ibid., p. 11.

231 As part of the Defense Authorization Bill for FY 1994 (Public Law 103-160), the Committees on Armed Services, Intelligence, Commerce, and Judiciary of the Senate and House of Representatives have asked the National Research Council to undertake a classified, two-year study of national policy with respect to the use and regulation of cryptography. Announcement from the Computer Science and Telecommunications Board, National Research Council, Dec. 7, 1993.

232 CSSPAB Resolution 93-7 (Dec. 8-9, 1993).

233 Herb Lin, Senior Staff Officer, National Research Council, personal communications, May 11 and June 1, 1994.

234 Ibid.
Cryptography will be used to help ensure the con- 
fidentiality and integrity of health records and tax 
returns. It will help speed the way to electronic 
commerce, and it will help manage copyrighted 
material in electronic form. 

Recognizing the importance of the technology and the policies that govern its development, dissemination, and use, Congress asked the NRC to conduct a major study that would support a broad review of cryptography (see above). The results of the study are expected to be available in 1996. Given the speed with which the Administration is acting, information to support a Congressional policy review of cryptography is out of phase with the implementation of key-escrow encryption. Therefore, Congress may wish to consider placing a hold on further deployment of key-escrow encryption, pending a congressional policy review.

An important outcome of a broad review of national cryptography policy would be development of more open processes to determine how cryptography will be deployed throughout society. This deployment includes development of the public-key infrastructures and certification authorities that will support electronic delivery of government services, copyright management, and digital commerce (see chapters 2 and 3). More open processes would build trust and confidence in government operations and leadership. More openness would also allow diverse stakeholders to understand how their views and concerns were being balanced with those of others, in establishing an equitable deployment of these technologies, even when some of the specifics of the technology remain classified. More open processes will also allow for public consensus-building, providing better information for use in congressional oversight of agency activities. Toward this end, Congress may wish to consider the extent to which the current working relationship between NIST and NSA will be a satisfactory part of this open process, or the extent to which the current arrangements should be reevaluated and revised.

Another important outcome would be a sense of Congress with regard to information policy and technology and to when the impact of certain technologies is so pervasive and powerful that legislation is needed to provide public visibility and accountability. For example, many of the concerns surrounding the EES (and the key-escrowing initiative in general) focus on whether key-escrow encryption will be made mandatory for government agencies or the private sector, or if nonescrowed encryption will be banned, and/or if these actions could be taken without legislation.

Other concerns focus on whether or not alternative forms of encryption would be available that would allow private individuals and organizations the option of depositing keys with one or more third-party trustees, or not — at their discretion. These trustees might be within government, or in the private sector, depending on the nature of the information to be safeguarded and the identity of its custodians. (For example, federal policy might require agencies to deposit cryptographic keys used to maintain confidentiality of taxpayer data only with government trustees. Companies and individuals might be free not to use trustees, or if they did, could choose third-party trustees in the private sector or use the services of a government trustee.) The NRC study should be valuable in helping Congress to understand the broad range of technical and institutional alternatives available for various types of trusteeships for cryptographic keys, "digital powers of attorney," and the like. However, if implementation of the EES and related technologies continues at the current pace, key-escrow encryption may already be embedded in information systems.

As part of a broad national cryptography policy, Congress may wish to periodically examine export controls on cryptography, to ensure that these continue to reflect an appropriate balance between the needs of signals intelligence and law enforcement and the needs of the public and business communities. This examination would take into account changes in foreign capabilities and foreign availability of cryptographic technologies. Information from industry on the results of licensing reforms and the executive branch study of the encryption market and export controls that is included in the 1994 export administration legislation (see discussion above on export controls and competitiveness) should provide some near-term information. However, the scope and methodology of the studies that Congress might wish to use in the future may differ from these. Congress might wish to assess the validity and effectiveness of the Administration's studies by conducting oversight hearings, by undertaking a staff analysis, or by requesting a study from the Congressional Budget Office.

Congressional Responses to Escrowed-Encryption Initiatives

Congress also has a more near-term role to play in determining the extent to which — and how — the EES and other escrowed-encryption systems will be deployed in the United States. These actions can be taken within a long-term, strategic framework. Congressional oversight of the effectiveness of policy measures and controls can allow Congress to revisit these issues as needed, or as the consequences of previous decisions become more apparent.

The EES was issued as a voluntary federal standard; use of the EES by the private sector is also voluntary. The Clinton Administration has stated that it has no plans to make escrowed encryption mandatory, or to ban other forms of encryption:

As the [Clinton] Administration has made 
clear on a number of occasions, the key-escrow 
encryption initiative is a voluntary one; we have 
absolutely no intention of mandating private use 
of a particular kind of cryptography, nor of cri- 
minalizing the private use of certain kinds of 
cryptography. We are confident, however, of the 
quality and strength of key-escrow encryption 
as embodied in this chip [i.e., the Clipper chip 
implementation of EES], and we believe it will 
become increasingly attractive to the private 
sector as an excellent, easy-to-use method of 
protecting sensitive personal and business in- 
formation. 235 

But, absent legislation, these intentions are not 
binding for future administrations and also leave 
open the question of what will happen if EES and 
related technologies do not prove attractive to the 
private sector. Moreover, the executive branch 
may soon be using the EES and/or related es- 
crowed-encryption technologies to safeguard — 
among other things — large volumes of private 
information about individuals (e.g., taxpayer 
data, healthcare information, and so forth). 

For these reasons, the EES and other key-es- 
crowing initiatives are by no means only an execu- 
tive branch concern. The EES and any subsequent 
escrowed-encryption standards also warrant con- 
gressional attention because of the public funds 
that will be spent in deploying them. Moreover, 
negative public perceptions of the EES and the 
processes by which encryption standards are de- 
veloped and deployed may erode public confi- 
dence and trust in government and, consequently, 
the effectiveness of federal leadership in promot- 
ing responsible safeguard use. 

In his May 1994 testimony before the Senate 
Subcommittee on Technology and the Law, Whit- 
field Diffie observed that: 

In my experience, the people who support the 
key escrow initiative are inclined to express sub- 
stantial trust in the government. I find it ironic 
therefore that in its conduct of this program, the 
[Clinton] Administration has followed a course 
that could hardly have been better designed to 
provoke distrust. The introduction of mecha- 
nisms designed to assure the government's abil- 
ity to conduct electronic surveillance on its 
citizens and limit the ability of citizens to pro- 
tect themselves against such surveillance is a 
major policy decision of the information age. It 
has been presented, however, as a technicality, 
buried in an obscure series of regulations. In so 
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doing, it has avoided congressional consider- 
ation of either its objectives or its budget. The 
underlying secrecy of the technology has been 
used as a tool for doling out information piece- 
meal and making a timely understanding of the 
issues difficult to achieve. 236 

In responding to the Clinton Administra- 
tion's escrowed-encryption initiatives, and in de- 
termining the extent to which appropriated 
funds should be used in implementing EES and 
related technologies, Congress might wish to ad- 
dress the appropriate locations of the key-escrow 
agents, particularly for federal agencies, before 
additional investments are made in staff and fa- 
cilities for them. Public acceptance of key-es- 
crow encryption might be improved — but not 
assured — by an escrowing system that used sep- 
aration of powers to reduce perceptions of the 
potential for misuse. 

In response to an OTA inquiry in late 1993, the 
Congressional Research Service examined any 
constitutional problems that might arise in placing 
an escrow agent elsewhere in government. Ac- 
cording to CRS, placing custody of one set of keys 
in a federal court or an agency of the judicial 
branch would almost certainly pass constitutional 
challenge: 

First, as we discussed, it is a foregone conclu- 
sion that custody of one key could not be vested 
in Congress, a congressional agency, or a con- 
gressional agent. Using strict separation-of- 
powers standards, the Supreme Court has held 
that no legislator or agency or agent of the Legis- 
lative Branch may be given a role in execution 
of the laws. . . Custody of one of the keys and 
the attendant duties flowing from that posses- 
sion is certainly execution of the laws. 

Second, placing custody of one of the keys in 
a federal court or in an agency of the Judicial 
Branch [would] almost certainly pass constitutional 
challenge. . . 

Under the Fourth Amendment, it is the re- 
sponsibility of judges to issue warrants for 
searches and seizures, including warrants for 
wiretapping and other electronic surveillance. 
Courts will authorize interceptions of the tele- 
communications at issue here. Under those cir- 
cumstances, it is difficult to see a successful 
argument that custody of one of the keys [is] 
constitutionally inappropriately placed in a judi- 
cial agency. 

Alternatively, it would seem equally valid to 
place custody in a court itself. . . If a court is to 
issue a warrant authorizing seizure and decryp- 
tion of certain telecommunications, effectuation 
of such a warrant through the partial agency of 
one of two encryption keys hardly seems to stray 
beyond the bounds of judicial cognizance. 237 
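The "one of two encryption keys" in the CRS memorandum is the mechanism of split key escrow: the device key is divided into two components, each lodged with a different custodian, so that neither custodian alone holds anything that reveals the key and decryption is possible only when both release under the same authorization. The following Python illustration is added here and is not code from this report, nor a description of the actual EES key-component format or escrow procedures (which this page does not give); it assumes a plain XOR split into two equal-length components, one executive-branch and one judicial-branch custodian, a placeholder warrant-identifier check, and constructed sample key material, all of which are assumptions of the example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def split_key(key: bytes, pad: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Split a device key into two components with key == c1 XOR c2.

    c1 is a fresh uniformly random string (or the caller-supplied `pad`,
    accepted only so the example is repeatable), and c2 = key XOR c1.
    Each component on its own is uniformly distributed and so reveals
    nothing about the key; only the pair does.
    """
    c1 = secrets.token_bytes(len(key)) if pad is None else pad
    if len(c1) != len(key):
        raise ValueError("pad must be the same length as the key")
    c2 = bytes(k ^ r for k, r in zip(key, c1))
    return c1, c2


def reconstruct(c1: bytes, c2: bytes) -> bytes:
    """Recover the key from both components (XOR is its own inverse)."""
    if len(c1) != len(c2):
        raise ValueError("components differ in length")
    return bytes(a ^ b for a, b in zip(c1, c2))


@dataclass
class EscrowAgent:
    """One of two custodians; holds only its own component for each device.

    Every release is appended to an audit log, so misuse or unauthorised
    disclosure can be traced afterwards. The warrant check is a placeholder
    (an assumption of this example), not the procedure of any real
    escrow programme.
    """
    name: str
    _store: Dict[str, bytes] = field(default_factory=dict)
    release_log: List[Tuple[str, str]] = field(default_factory=list)

    def deposit(self, device_id: str, component: bytes) -> None:
        if device_id in self._store:
            raise KeyError(f"{device_id} is already escrowed with {self.name}")
        self._store[device_id] = component

    def release(self, device_id: str, warrant_id: str) -> bytes:
        if not warrant_id:
            raise PermissionError(f"{self.name}: release requires a warrant identifier")
        self.release_log.append((device_id, warrant_id))
        return self._store[device_id]


def escrow_device(device_id: str, key: bytes, agent_a: EscrowAgent,
                  agent_b: EscrowAgent, pad: Optional[bytes] = None) -> None:
    """Deposit-time step: split the key and lodge one component with each agent."""
    c1, c2 = split_key(key, pad)
    agent_a.deposit(device_id, c1)
    agent_b.deposit(device_id, c2)


def recover_device_key(device_id: str, warrant_id: str, agent_a: EscrowAgent,
                       agent_b: EscrowAgent) -> bytes:
    """Authorised-access step: the key exists only after both agents release."""
    c1 = agent_a.release(device_id, warrant_id)
    c2 = agent_b.release(device_id, warrant_id)
    return reconstruct(c1, c2)


def demo() -> dict:
    """Escrow one constructed device key with two custodians and recover it."""
    device_key = bytes.fromhex("0f1e2d3c4b5a69788796a5b4")  # constructed sample key
    pad = bytes.fromhex("a1b2c3d4e5f60718293a4b5c")         # constructed, for repeatability
    executive = EscrowAgent("executive-branch agent")
    judicial = EscrowAgent("judicial-branch agent")
    escrow_device("DEV-0001", device_key, executive, judicial, pad)

    recovered = recover_device_key("DEV-0001", "warrant-42", executive, judicial)
    return {
        "recovered_matches": recovered == device_key,
        "executive_releases": list(executive.release_log),
        "judicial_releases": list(judicial.release_log),
    }


if __name__ == "__main__":
    print(demo())
```

Because c1 is uniformly random and c2 is the key XORed with it, each component by itself is a uniformly distributed string: a custodian, or an attacker who compromises one custodian, learns nothing about the key. The per-agent release log is the kind of record that any sanctions or liability rule for unauthorised disclosure of escrowed key components would have to rely on.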

With respect to current and subsequent es- 
crowed-encryption initiatives, and in determin- 
ing the extent to which appropriated funds 
should be used in implementing EES and re- 
lated technologies, Congress may wish to ad- 
dress the issue of criminal penalties for misuse 
and unauthorized disclosure of escrowed key 
components. Congress may also wish to consid- 
er allowing damages to be awarded for individu- 
als or organizations who were harmed by misuse 
or unauthorized disclosure of escrowed key com- 
ponents. 

Acceptance in the United States, at least, might 
be improved if criminal penalties were associated 
with misuse of escrowed keys 238 and if damages 
could be awarded to individuals or organizations 
harmed by misuse of escrowed keys. In May 1 994 
testimony before the House Subcommittee on 
Technology, Environment, and Aviation, Jerry 
Berman of the Electronic Frontier Foundation 



236 Diffie testimony, op. cit., footnote 24, p. 10. 

237 Johnny H. Killian, Senior Specialist, American Constitutional Law, CRS, "Options for Deposit of Encryption Key Used in Certain Elec- 
tronic Interceptions Outside Executive Branch," memorandum to Joan D. Winston, OTA, Mar. 3, 1994. 

238 Current statutes regarding computer fraud and abuse, counterfeit access devices, and trafficking in passwords (i.e., 18 USC 1029, 
1030) might conceivably be stretched to cover some misuses by escrow agents, but are not sufficient. 
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noted that the lack of legal rights for those whose 
keys were escrowed and lack of stability in escrow 
rules served to reduce trust in the system: 

As currently written, the escrow procedures 
insulate the government escrow agents from any 
legal liability for unauthorized or negligent re- 
lease of an individual's key. This is contrary to 
the very notion of a escrow system, which ordi- 
narily would provide a legal remedy for the de- 
positor whose deposit is released without 
authorization. If anything, escrow agents should 
be subject to strict liability for unauthorized dis- 
closure of keys. 

The Administration has specifically stated 
that it will not seek to have the escrow proce- 
dures incorporated into legislation or official 
regulations. Without formalization of rules, us- 
ers have no guaranty that subsequent adminis- 
trations will follow the same rules or offer users 
the same degree of protection. This will greatly 
reduce trust in the system. 239 

However, while measures addressing the loca- 
tion of the escrow agents, sanctions, and liability 
for key-escrow encryption could increase accep- 
tance of escrowed encryption in the United States, 
these measures would not be sufficient to ensure 
acceptance in the international business communi- 
ty. 240 Other aspects of key-escrow encryption, 
such as use of a classified encryption algorithm, 
implementation in hardware only, and key man- 
agement, could still be troublesome to the interna- 
tional business community (see below). 

The International Chamber of Commerce's 
(ICC) ICC Position Paper on International En- 
cryption Policy notes the growing importance of 
cryptography in securing business information 
and transactions on an international basis and, 
therefore, the significance of restrictions and con- 
trols on encryption methods: 

While the ICC recognises that governments 
have a national security responsibility, it cannot 
over-emphasise the importance of avoiding arti- 
ficial obstacles to trade through restrictions and 
controls on Encryption Methods. Many coun- 
tries have or may use a variety of restrictions 
which inhibit businesses from employing secure 
communications. These restrictions include ex- 
port and import control laws, usage restrictions, 
restrictive licensing arrangements, etc. These 
diverse, restrictive measures create an interna- 
tional environment which does not permit busi- 
nesses to acquire, use, store, or sell Encryption 
Methods uniformly to secure their worldwide 
communications. 

. . .What is needed is an international policy 
which minimises unnecessary barriers between 
countries and which creates a broader interna- 
tional awareness of the sensitive nature of in- 
formation. 

Furthermore, the ICC believes that restric- 
tion in the use of encryption for [crime preven- 
tion] would be questionable given that those 
engaged in criminal activities would most cer- 
tainly not feel compelled to comply with the reg- 
ulations applied to the general business 
community. The ICC would urge governments 
not to adopt a restrictive approach which would 
place a particularly onerous burden on business 
and society as a whole. 241 

ICC's position paper calls on governments to: 
1) remove unnecessary export and import con- 
trols, usage restrictions, restrictive licensing ar- 
rangements and the like on encryption methods 
used in commercial applications; 2) enable net- 
work interoperability by encouraging global stan- 
dardization; 3) maximize users' freedom of 
choice; and 4) work together with industry to re- 
solve barriers by jointly developing a comprehen- 
sive international policy on encryption. 

ICC recommends that global encryption policy 
be based on the following broad principles: 



239 Berman testimony, op. cit., footnote 222, p. 5. 

240 Nanette DiTosto, Manager, Telecommunications/Economic and Financial Policy, U.S. Council for International Business, personal 
communication, Apr. 28, 1994. Among its other activities, the Council is the U.S. affiliate of the International Chamber of Commerce. 

241 International Chamber of Commerce, ICC Position Paper on International Encryption Policy (Paris: ICC, 1994), pp. 2-3. 
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• Different encryption methods will be needed 
to fulfill a variety of user needs. Users should 
be free to use and implement the already ex- 
isting framework of generally available and 
generally accepted encryption methods and 
to choose keys and key management without 
restrictions. Cryptographic algorithms and 
key-management schemes must be open to 
public scrutiny for the commercial sector to 
gain the necessary level of confidence in 
them. 

• Commercial users, vendors, and govern- 
ments should work together in an open in- 
ternational forum in preparing and approving 
global standards. 

• Both hardware and software implementa- 
tions of encryption methods should be al- 
lowed. Vendors and users should be free to 
make technical and economic choices about 
modes of implementation and operation. 

• Owners, providers, and users of encryption 
methods should agree on the responsibility, 
accountability, and liability for such meth- 
ods. 

• With the exception of encryption methods 
specifically developed for military or diplo- 
matic uses, encryption methods should not be 
subject to export or import controls, usage re- 
strictions, restrictive licensing arrangements, 
or other restrictions. 242 

In June 1994, the U.S. Public Policy Commit- 
tee of the Association for Computing Machinery 
(USACM) issued its position on the EES and re- 
leased a special panel report on issues in U.S. 
cryptography policy. 243 The USACM recom- 
mended, among other things, that the process of 
developing the FIPS be placed under the Adminis- 
trative Procedure Act, reflecting their impact on 
nonfederal organizations and the public at 
large. 244 



Safeguarding Information in 
Federal Agencies 

The forthcoming revision of Appendix III 
("Agency Security Plans") of OMB Circular 
A-130 should lead to improved federal informa- 
tion-security practices. According to OMB, the 
revision of Appendix III will take into account the 
provisions and intent of the Computer Security 
Act of 1987, as well as observations regarding 
agency security plans and practices from agency 
visits. To the extent that the revised Appendix III 
facilitates more uniform treatment across agen- 
cies, it can also make fulfillment of Computer Se- 
curity Act and Privacy Act requirements more 
effective with respect to data sharing and second- 
ary uses (see discussion in chapter 3). 

The revised Appendix III had not been issued 
by the time this report was completed. Although 
OTA discussed information security and privacy 
issues with OMB staff during interviews and a De- 
cember 1993 OTA workshop, OTA did not have 
access to a draft of the revised security appendix. 
Therefore, OTA was unable to assess the revi- 
sion's potential for improving information securi- 
ty in federal agencies, for holding agency 
managers accountable for security, or for ensuring 
uniform protection in light of data sharing and 
secondary uses. 

After the revised Appendix III of OMB Circu- 
lar A-130 is issued, Congress may wish to assess 
the effectiveness of the OMB's revised guide- 
lines, including improvements in implementing 
the Computer Security Act's provisions regard- 
ing agency security plans and training, in order 
to determine whether additional statutory re- 
quirements or oversight measures are needed. 
This might be accomplished by conducting over- 
sight hearings, undertaking a staff analysis, 
and/or requesting a study from the General Ac- 



242 Ibid., pp. 3-4. 

243 Landau et al., op. cit., footnote 6. 

244 USACM position on the Escrowed Encryption Standard, June 30, 1994. 
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counting Office. However, the effects of OMB's 
revised guidance may not be apparent for some 
time after the revised Appendix III is issued. 
Therefore, a few years may pass before GAO is 
able to report government-wide findings that 
would be the basis for determining the need for 
further revision or legislation. 

In the interim, Congress might wish to gain 
additional insight through hearings to gauge 
the reaction of agencies, as well as privacy and 
security experts from outside government, to 
OMB's revised guidelines. Oversight of this sort 
might be especially valuable for agencies, such 
as the Internal Revenue Service, that are devel- 
oping major new information systems. 

In the course of its oversight and when con- 
sidering the direction of any new legislation, 
Congress might wish to consider measures to: 

■ ensure that agencies include explicit provi- 
sions for safeguarding information assets in 
any information-technology planning docu- 
ments; 

■ ensure that agencies budget sufficient re- 
sources to safeguard information assets, 
whether as a percentage of information- 
technology modernization and/or operating 
budgets, or otherwise; and/or 

■ ensure that the Department of Commerce as- 
signs sufficient resources to NIST to support 
its Computer Security Act responsibilities, as 
well as NIST's other activities related to safe- 
guarding information and protecting privacy 
in networks. 


Regarding NIST's computer-security budget 
(see table 4-1), OTA has not determined the extent 
to which additional funding is needed, or the ex- 
tent to which additional funding would improve 
the overall effectiveness of NIST's information- 
security activities. However, in staff discussions 



and workshops, individuals from outside and 
within government repeatedly noted that NIST's 
security activities were not proactive and that 
NIST often lagged in providing useful and needed 
standards and guidelines. 245 Many individuals 
from the private sector felt that NIST's limited re- 
sources for security activities precluded NIST 
from doing work that would also be useful to in- 
dustry. Additional resources, whether from over- 
all increases in NIST's budget and/or from 
formation of a new Information Technology Lab- 
oratory, could enhance NIST's technical capabili- 
ties, enable it to be more proactive, and hence, be 
more useful to federal agencies and to industry. 

NIST activities with respect to standards and 
guidelines related to cryptography are a special 
case, however. Increased funding alone will not be 
sufficient to ensure NIST's technological leader- 
ship or its fulfillment of the "balancing" role as en- 
visioned by the Computer Security Act of 1987. 
With respect to cryptography, national-security 
constraints set forth in executive branch policy di- 
rectives appear to be binding, implemented 
through executive branch coordinating mecha- 
nisms including those set forth in the NIST/NSA 
memorandum of understanding. These 
constraints have resulted, for example, in the 
closed processes by which the Administration's 
key-escrow encryption initiatives, including the 
EES, have been developed and implemented. In- 
creased funding could enable NIST to become a 
more equal partner to NSA, at least in deploying 
(if not developing) cryptographic standards. But, 
if NIST/NSA processes and outcomes are to re- 
flect a different balance of national security and 
other public interests, or more openness, than has 
been evidenced over the past five years, clear 
policy guidance and oversight will be needed. 



245 For a sample of federal agency "wants and ideas" regarding NIST's role, see Gilbert, op. cit., footnote 163, appendix M, especially pp. 
appendix-85 and appendix-86. 
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SAM HXJUH CtOHGlA WILLIAM V SOTM. J. OlLAWAAl 

Carl lIvi* miCmig*»« ftO STtVlNS. ALASKA 

JIM SASSt*. TtNNtSSIt WILLIAM S COHlH MAlNI 

OAVIO PKYOft ARKANSAS TMAO COCMHAW MISSISSIPPI 

JOSEPH I LICBCRMAN COHNCCT.CUT JOHN McCAJN AAtZONA 
biH\l K *KA*.K HAWAII 

SrftON L OORGan NORTm OakOTa 



mmted States 



l ionaao wtiss sta/f oirictor COMMITTEE ON 

iwmuN g pou minowty staff o.mctoa ano cmhf covnsu GOVERNMENTAL AFFAIRS 

WASHINGTON. DC 20510-8250 



May 27, 1993 



Dr. Roger Herdman 
Director 

Office of Technology Assessment 
600 Pennsylvania Avenue, S.E. 
Washington, D.C. 20510-8025 



Dear Dr. Herdman: 

The technological advances which have led to 
increased access to network information resources such as 
"digital libraries" and shared databases present serious new 
security and privacy challenges that need to be addressed. 
These new challenges are clearly the most pressing computer- 
security issues that have emerged since enactment of P.L. 100- 
235 in 1987. And the importance of these issues is 
intensified by industry and government trends that are moving 
toward a highly integrated, interactive network for use by 
both the private and public sectors. 

Security and privacy issues in a network environment 
are also being brought to the forefront by legislative 
initiatives to spur development of high-speed networking, as 
well as by elements of the Administration's technology plan 
addressing more widespread use of Internet and development of 
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the National Research and Education Network. Members of the 
government, research, educational, and business communities, 
as well as the general public, are beginning to use network 
information resources and will, increasingly, come to rely 
upon them. 

I am concerned about vulnerabilities from increased 
connectivity of information systems within and outside 
government. Without timely attention to security issues for 
such large scale computer networks, the prospect of 
plagiarism, corruption of databases, and improper use of 
copyrighted or sensitive corporate data could affect the 
privacy and livelihood of millions of Americans. 

In order to address these problems, I request that 
OTA study the changing needs for protecting privacy and 
proprietary information. I would like your review to consider 
the technological and institutional privacy and security 
measures that can be used to ensure the integrity, 
availability, and proper use of digital libraries and other 
network information resources . 

To the extent necessary, OTA's study should assess the need 
for new or updated federal computer security guidelines and 
federal computer-security and encryption standards. This 
study should build upon OTA's 1987 report on computer security 
(Defending Secrets, Sharing Data: New Locks and Keys for 
Electronic Information), but should focus on security and 
privacy concerns for networked information given the growth in 
federal support for large scale networks. 

I appreciate your prompt consideration of this 
request. To be of most use, OTA's report should be available 
for the Committee's use not later than Spring 1994. 

Should you have any questions, feel free to call me 
or Mr. Mark Forman or Mr. Michael Fleming of my staff at 224- 
2441. 




William V. Roth, Jr. 
U. S. Senate 
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mnitd States Senate 

COMMITTEE ON 
GOVERNMENTAL AFFAIRS 

WASHINGTON, OC 20510-6250 

July 1, 1993 



Dr. Roger Herdman 
Director 

Office of Technology Assessment 
600 Pennsylvania Avenue, S.E. 
Washington, D.C. 20510-8025 

Dear Dr. Herdman: 

By this letter, I would like to request to be a 
co-sponsor, with Senator William Roth, of the planned OTA 
study on Information Security and Privacy in Network 
Environments . 

As Senator Roth said in his May 27, 1993, letter to you, 
technological advances are leading to a new world of 
networked information in which privacy and security concerns 
are critical. It is incumbent upon Congress to be informed 
and ready to develop any needed legislative solutions for 
these emerging issues. 

While these are matters of national importance, they are 
also pressing issues within the context of government 
operations and the jurisdiction of the Committee on 
Governmental Affairs, which I chair, and in which Senator 
Roth is Ranking Republican Member. For this same reason, I 
requested OTA to undertake its current Electronic Service 
Delivery study. And thus, I would like to co-sponsor the 
very complementary study on information privacy and security. 

Thank you very much. If you should have any questions, 
please call David Plocher on the Committee staff (224-4751). 

Best regards. 



Sincerely, 




John Glenn 
Chairman 



CC: Senator Roth 
JG/dp 



188 | Information Security and Privacy in Network Environments 



ONE HUNDRED THIRD CONGRESS 

EDWARD J. MARKEY, MASSACHUSETTS, CHAIRMAN 

House of Representatives 

Committee on Energy and Commerce 

SUBCOMMITTEE ON TELECOMMUNICATIONS AND FINANCE 

Washington, DC 20515-6119 



August 10, 1993 



Dr. Roger Herdman 
Director 

Office of Technology Assessment 
600 Pennsylvania Avenue, S.E. 
Washington, D.C. 20510-8025 

Dear Dr. Herdman: 

As this country moves forward with implementation of 
advanced communications networks, we must maintain security and 
privacy for all involved. Your planned study on Information 
Security and Privacy in Network Environments will enable Congress 
to determine how best to ensure security and privacy in these 
increasingly complex technological times. 

As Chairman of the House Subcommittee on Telecommunications 
and Finance, I am committed to supporting communications that 
will both enhance education, health care, business, and 
individuals, and protect the users of such communications. 
Accordingly, I request to be a co-sponsor, along with Senators 
Roth and Glenn, of your timely study on network security and 
privacy . 

Thank you for your work in this area. Please do not 
hesitate to contact me, or Gerry Waldron or Colin Crowell of my 
Subcommittee staff, at 226-2424 should you have any questions or 
concerns as you proceed. 



Sincerely, 

Edward J. Markey 
Chairman 



Senator Roth 
Senator Glenn 
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101 STAT. 1724 



PUBLIC LAW 100-235-JAN. 8, 1988 



Public Law 100-235 
100th Congress 



Jan. S. 198S 
[H.R 145] 



Computer 

Security Act of 

19S7. 

Classified 

information. 

40 USC 759 note. 

40 USC 759 note. 



15 USC : 



An Act 



15 USC 27Sh 
15 USC 278g-3. 



To provide for a computer standards program within the National Bureau of Stand- 
ards, to provide for Government-wide computer security, and to provide for the 
training in security matters of persons who are involved in the management, 
operation, and use of Federal computer systems, and for other purposes. 

Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled, 

SECTION 1. SHORT TITLE. 
This Act may be cited as the "Computer Security Act of 1987". 

SEC. 2. PURPOSE. 

(a) In General.— The Congress declares that improving the secu- 
rity and privacy of sensitive information in Federal computer sys- 
tems is in the public interest, and hereby creates a means for 
establishing minimum acceptable security practices for such sys- 
tems, without limiting the scope of security measures already 
planned or in use. 

(b) Specific Purposes.— The purposes of this Act are — 

(1) by amending the Act of March 3, 1901, to assign to the 
National Bureau of Standards responsibility for developing 
standards and guidelines for Federal computer systems, includ- 
ing responsibility for developing standards and guidelines 
needed to assure the cost-effective security and privacy of sen- 
sitive information in Federal computer systems, drawing on the 
technical advice and assistance (including work products) of the 
National Security Agency, where appropriate; 

(2) to provide for promulgation of such standards and guide- 
lines by amending section 111(d) of the Federal Property and 
Administrative Services Act of 1949; 

(3) to require establishment of security plans by all operators 
of Federal computer systems that contain sensitive information; 
and 

(4) to require mandatory periodic training for all persons 
involved in management, use, or operation of Federal computer 
systems that contain sensitive information. 

SEC. 3. ESTABLISHMENT OF COMPUTER STANDARDS PROGRAM. 

The Act of March 3, 1901 (15 U.S.C. 271-278h), is amended— 

(1) in section 2(f), by striking out "and" at the end of para- 
graph (18), by striking out the period at the end of paragraph 
(19) and inserting in lieu thereof: "; and", and by inserting after 
such paragraph the following: 

"(20) the study of computer systems (as that term is defined in 
section 20(d) of this Act) and their use to control machinery and 
processes."; 

(2) by redesignating section 20 as section 22, and by inserting 
after section 19 the following new sections: 

"Sec. 20. (a) The National Bureau of Standards shall— 
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PUBLIC LAW 100-235-JAN. 8, 1988 



101 STAT. 1725 



"(1) have the mission of developing standards, guidelines, and 
associated methods and techniques for computer systems; 

"(2) except as described in paragraph (3) of this subsection 
(relating to security standards), develop uniform standards and 
guidelines for Federal computer systems, except those systems 
excluded by section 2315 of title 10, United States Code or 
section 3502(2) of title 44, United States Code; 

"(3) have responsibility within the Federal Government for 
developing technical, management, physical, and administra- 
tive standards and guidelines for the cost-effective security and 
privacy of sensitive information in Federal computer systems 
except — 

"(A) those systems excluded by section 2315 of title 10, 
United States Code, or section 3502(2) of title 44, United 
States Code; and 

"(B) those systems which are protected at all times by 
procedures established for information which has been 
specifically authorized under criteria established by an 
Executive order or an Act of Congress to be kept secret in 
the interest of national defense or foreign policy, 
the primary purpose of which standards and guidelines shall be 
to control loss and unauthorized modification or disclosure of 
sensitive information in such systems and to prevent computer- 
related fraud and misuse; 

"(4) submit standards and guidelines developed pursuant to 
paragraphs (2) and (3) of this subsection, along with rec- 
ommendations as to the extent to which these should be made 
compulsory and binding, to the Secretary of Commerce for 
promulgation under section 111(d) of the Federal Property and 
Administrative Services Act of 1949; 

"(5) develop guidelines for use by operators of Federal com- 
puter systems that contain sensitive information in training 
their employees in security awareness and accepted security 
practice, as required by section 5 of the Computer Security Act 
of 1987; and 

"(6) develop validation procedures for, and evaluate the 
effectiveness of, standards and guidelines developed pursuant to 
paragraphs (1), (2), and (3) of this subsection through research 
and liaison with other government and private agencies. 
"(b) In fulfilling subsection (a) of this section, the National Bureau 
of Standards is authorized — 

"(1) to assist the private sector, upon request, in using and 
applying the results of the programs and activities under this 
section; 

"(2) to make recommendations, as appropriate, to the 
Administrator of General Services on policies and regulations 
proposed pursuant to section 111(d) of the Federal Property and 
Administrative Services Act of 1949; 

"(3) as requested, to provide to operators of Federal computer 
systems technical assistance in implementing the standards and 
guidelines promulgated pursuant to section 111(d) of the Fed- 
eral Property and Administrative Services Act of 1949; 

"(4) to assist, as appropriate, the Office of Personnel Manage- 
ment in developing regulations pertaining to training, as re- 
quired by section 5 of the Computer Security Act of 1987; 

"(5) to perform research and to conduct studies, as needed, to 
determine the nature and extent of the vulnerabilities of, and to 
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101 STAT. 1726 PUBLIC LAW 100-235-JAN. 8, 1988 

devise techniques for the cost-effective security and privacy of 
sensitive information in Federal computer systems; and 

"(6) to coordinate closely with other agencies and offices 
(including, but not limited to, the Departments of Defense and 
Energy, the National Security Agency, the General Accounting 
Office, the Office of Technology Assessment, and the Office of 
Management and Budget)— 

"(A) to assure maximum use of all existing and planned 
programs, materials, studies, and reports relating to com- 
puter systems security and privacy, in order to avoid un- 
necessary and costly duplication of effort; and 

"(B) to assure, to the maximum extent feasible, that 
standards developed pursuant to subsection (a) (3) and (5) 
are consistent and compatible with standards and proce- 
dures developed for the protection of information in Federal 
computer systems which is authorized under criteria estab- 
lished by Executive order or an Act of Congress to be kept 
secret in the interest of national defense or foreign policy. 
"(c) For the purposes of— 

"(1) developing standards and guidelines for the protection of 
sensitive information in Federal computer systems under 
subsections (a)(1) and (a)(3), and 

"(2) performing research and conducting studies under 
subsection (b)(5), 

the National Bureau of Standards shall draw upon computer system 
technical security guidelines developed by the National Security 
Agency to the extent that the National Bureau of Standards deter- 
mines that such guidelines are consistent with the requirements for 
protecting sensitive information in Federal computer systems. 
"(d) As used in this section — 

"(1) the term 'computer system'— 

"(A) means any equipment or interconnected system or 
subsystems of equipment that is used in the automatic 
acquisition, storage, manipulation, management, move- 
ment, control, display, switching, interchange, trans- 
mission, or reception, of data or information; and 
"(B) includes— 
"(i) computers; 
"(ii) ancillary equipment; 
"(iii) software, firmware, and similar procedures; 
"(iv) services, including support services; and 
"(v) related resources as defined by regulations 
issued by the Administrator for General Services 
pursuant to section 111 of the Federal Property and 
Administrative Services Act of 1949; 
"(2) the term 'Federal computer system'— 

"(A) means a computer system operated by a Federal 
agency or by a contractor of a Federal agency or other 
organization that processes information (using a computer 
system) on behalf of the Federal Government to accomplish 
a Federal function; and 

"(B) includes automatic data processing equipment as 
that term is defined in section 111(a)(2) of the Federal 
Property and Administrative Services Act of 1949; 
"(3) the term 'operator of a Federal computer system' means a 
Federal agency, contractor of a Federal agency, or other 
organization that processes information using a computer 
system on behalf of the Federal Government to accomplish a 
Federal function; 

"(4) the term 'sensitive information' means any information, 
the loss, misuse, or unauthorized access to or modification of 
which could adversely affect the national interest or the con- 
duct of Federal programs, or the privacy to which individuals 
are entitled under section 552a of title 5, United States Code 
(the Privacy Act), but which has not been specifically authorized 
under criteria established by an Executive order or an Act of 
Congress to be kept secret in the interest of national defense or 
foreign policy; and 

"(5) the term 'Federal agency' has the meaning given such 
term by section 3(b) of the Federal Property and Administrative 
Services Act of 1949. 
15 USC 278g-4. 
"Sec. 21. (a) There is hereby established a Computer System 
Security and Privacy Advisory Board within the Department of 
Commerce. The Secretary of Commerce shall appoint the chairman 
of the Board. The Board shall be composed of twelve additional 
members appointed by the Secretary of Commerce as follows: 

"(1) four members from outside the Federal Government who 
are eminent in the computer or telecommunications industry, 
at least one of whom is representative of small or medium sized 
companies in such industries; 

"(2) four members from outside the Federal Government who 
are eminent in the fields of computer or telecommunications 
technology, or related disciplines, but who are not employed by 
or representative of a producer of computer or telecommuni- 
cations equipment; and 

"(3) four members from the Federal Government who have 
computer systems management experience, including experi- 
ence in computer systems security and privacy, at least one of 
whom shall be from the National Security Agency. 
"(b) The duties of the Board shall be— 

"(1) to identify emerging managerial, technical, administra- 
tive, and physical safeguard issues relative to computer systems 
security and privacy; 

"(2) to advise the Bureau of Standards and the Secretary of 
Commerce on security and privacy issues pertaining to Federal 
computer systems; and 

"(3) to report its findings to the Secretary of Commerce, the 
Director of the Office of Management and Budget, the Director 
of the National Security Agency, and the appropriate commit- 
tees of the Congress. 
"(c) The term of office of each member of the Board shall be four 
years, except that — 

"(1) of the initial members, three shall be appointed for terms 
of one year, three shall be appointed for terms of two years, 
three shall be appointed for terms of three years, and three 
shall be appointed for terms of four years; and 

"(2) any member appointed to fill a vacancy in the Board shall 
serve for the remainder of the term for which his predecessor 
was appointed. 

"(d) The Board shall not act in the absence of a quorum, which 
shall consist of seven members. 

"(e) Members of the Board, other than full-time employees of the 
Federal Government, while attending meetings of such committees 
or while otherwise performing duties at the request of the Board 
Chairman while away from their homes or a regular place of 
business, may be allowed travel expenses in accordance with sub- 
chapter I of chapter 57 of title 5, United States Code. 

"(f) To provide the staff services necessary to assist the Board in 
carrying out its functions, the Board may utilize personnel from the 
National Bureau of Standards or any other agency of the Federal 
Government with the consent of the head of the agency. 

"(g) As used in this section, the terms 'computer system' and 
'Federal computer system' have the meanings given in section 20(d) 
of this Act."; and 

(3) by adding at the end thereof the following new section: 

"Sec. 23. This Act may be cited as the National Bureau of 
Standards Act.". 

SEC. 4. AMENDMENT TO BROOKS ACT. 

Section 111(d) of the Federal Property and Administrative Serv- 
ices Act of 1949 (40 U.S.C. 759(d)) is amended to read as follows: 

"(d)(1) The Secretary of Commerce shall, on the basis of standards 
and guidelines developed by the National Bureau of Standards 
pursuant to section 20(a) (2) and (3) of the National Bureau of 
Standards Act, promulgate standards and guidelines pertaining to 
Federal computer systems, making such standards compulsory and 
binding to the extent to which the Secretary determines necessary 
to improve the efficiency of operation or security and privacy of 
Federal computer systems. The President may disapprove or modify 
such standards and guidelines if he determines such action to be in 
the public interest. The President's authority to disapprove or 
modify such standards and guidelines may not be delegated. Notice 
of such disapproval or modification shall be submitted promptly to 
the Committee on Government Operations of the House of Rep- 
resentatives and the Committee on Governmental Affairs of the 
Senate and shall be published promptly in the Federal Register. 
Upon receiving notice of such disapproval or modification, the Sec- 
retary of Commerce shall immediately rescind or modify such stand- 
ards or guidelines as directed by the President. 

"(2) The head of a Federal agency may employ standards for the 
cost-effective security and privacy of sensitive information in a 
Federal computer system within or under the supervision of that 
agency that are more stringent than the standards promulgated by 
the Secretary of Commerce, if such standards contain, at a mini- 
mum, the provisions of those applicable standards made compulsory 
and binding by the Secretary of Commerce. 

"(3) The standards determined to be compulsory and binding may 
be waived by the Secretary of Commerce in writing upon a deter- 
mination that compliance would adversely affect the accomplish- 
ment of the mission of an operator of a Federal computer system, or 
cause a major adverse financial impact on the operator which is not 
offset by Government-wide savings. The Secretary may delegate to 
the head of one or more Federal agencies authority to waive such 
standards to the extent to which the Secretary determines such 
action to be necessary and desirable to allow for timely and effective 
implementation of Federal computer systems standards. The head of 
such agency may redelegate such authority only to a senior official 
designated pursuant to section 3506(b) of title 44, United States 
Code. Notice of each such waiver and delegation shall be transmit- 
ted promptly to the Committee on Government Operations of the 
House of Representatives and the Committee on Governmental 
Affairs of the Senate and shall be published promptly in the Federal 
Register. 

"(4) The Administrator shall revise the Federal information re- 
sources management regulations (41 CFR ch. 201) to be consistent 
with the standards and guidelines promulgated by the Secretary of 
Commerce under this subsection. 

"(5) As used in this subsection, the terms 'Federal computer 
system' and 'operator of a Federal computer system' have the 
meanings given in section 20(d) of the National Bureau of Standards 
Act.". 

SEC. 5. FEDERAL COMPUTER SYSTEM SECURITY TRAINING. 40 USC 759 note. 

(a) In General.— Each Federal agency shall provide for the 
mandatory periodic training in computer security awareness and 
accepted computer security practice of all employees who are in- 
volved with the management, use, or operation of each Federal 
computer system within or under the supervision of that agency. 
Such training shall be — 

(1) provided in accordance with the guidelines developed 
pursuant to section 20(a)(5) of the National Bureau of Standards 
Act (as added by section 3 of this Act), and in accordance with 
the regulations issued under subsection (c) of this section for 
Federal civilian employees; or 

(2) provided by an alternative training program approved by 
the head of that agency on the basis of a determination that the 
alternative training program is at least as effective in accom- 
plishing the objectives of such guidelines and regulations. 

(b) Training Objectives. — Training under this section shall be 
started within 60 days after the issuance of the regulations de- 
scribed in subsection (c). Such training shall be designed— 

(1) to enhance employees' awareness of the threats to and 
vulnerability of computer systems; and 

(2) to encourage the use of improved computer security 
practices. 

(c) Regulations. — Within six months after the date of the enact- 
ment of this Act, the Director of the Office of Personnel Manage- 
ment shall issue regulations prescribing the procedures and scope of 
the training to be provided Federal civilian employees under subsec- 
tion (a) and the manner in which such training is to be carried out. 

SEC. 6. ADDITIONAL RESPONSIBILITIES FOR COMPUTER SYSTEMS 
SECURITY AND PRIVACY. 40 USC 759 note. 

(a) Identification of Systems That Contain Sensitive Informa- 
tion.— Within 6 months after the date of enactment of this Act, 
each Federal agency shall identify each Federal computer system, 
and system under development, which is within or under the super- 
vision of that agency and which contains sensitive information. 

(b) Security Plan.— Within one year after the date of enactment 
of this Act, each such agency shall, consistent with the standards, 
guidelines, policies, and regulations prescribed pursuant to section 
111(d) of the Federal Property and Administrative Services Act of 
1949, establish a plan for the security and privacy of each Federal 
computer system identified by that agency pursuant to subsection 
(a) that is commensurate with the risk and magnitude of the harm 
resulting from the loss, misuse, or unauthorized access to or modi- 
fication of the information contained in such system. Copies of each 
such plan shall be transmitted to the National Bureau of Standards 
and the National Security Agency for advice and comment. A 
summary of such plan shall be included in the agency's five-year 
plan required by section 3505 of title 44, United States Code. Such 
plan shall be subject to disapproval by the Director of the Office of 
Management and Budget. Such plan shall be revised annually as 
necessary. 

SEC. 7. DEFINITIONS. 40 USC 759 note. 

As used in this Act, the terms "computer system", "Federal 
computer system", "operator of a Federal computer system", 
"sensitive information", and "Federal agency" have the meanings 
given in section 20(d) of the National Bureau of Standards Act (as 
added by section 3 of this Act). 

SEC. 8. RULES OF CONSTRUCTION OF ACT. 40 USC 759 note. 

Nothing in this Act, or in any amendment made by this Act, shall 
be construed — 

(1) to constitute authority to withhold information sought 
pursuant to section 552 of title 5, United States Code; or 
(2) to authorize any Federal agency to limit, restrict, regulate, 
or control the collection, maintenance, disclosure, use, transfer, 
or sale of any information (regardless of the medium in which 
the information may be maintained) that is— 

(A) privately-owned information; 

(B) disclosable under section 552 of title 5, United States 
Code, or other law requiring or authorizing the public 
disclosure of information; or 

(C) public domain information. 

Approved January 8, 1988. 
MEMORANDUM OF UNDERSTANDING 
BETWEEN 

THE DIRECTOR OF THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 

AND 

THE DIRECTOR OF THE NATIONAL SECURITY AGENCY 
CONCERNING 

THE IMPLEMENTATION OF PUBLIC LAW 100-235 



Recognizing that: 

A. Under Section 2 of the Computer Security Act of 1987 
(Public Law 100-235), (the Act), the National Institute of 
Standards and Technology (NIST) has the responsibility within the 
Federal Government for: 

1. Developing technical, management, physical, and 
administrative standards and guidelines for the cost-effective 
security and privacy of sensitive information in Federal computer 
systems as defined in the Act; and, 

2. Drawing on the computer system technical security 
guidelines of the National Security Agency (NSA) in this regard 
where appropriate. 

B. Under Section 3 of the Act, the NIST is to coordinate 
closely with other agencies and offices, including the NSA, to 
assure: 

1. Maximum use of all existing and planned programs, 
materials, studies, and reports relating to computer systems 
security and privacy, in order to avoid unnecessary and costly 
duplication of effort; and, 

2. To the maximum extent feasible, that standards developed 
by the NIST under the Act are consistent and compatible with 
standards and procedures developed for the protection of 
classified information in Federal computer systems. 

C. Under the Act, the Secretary of Commerce has the 
responsibility, which he has delegated to the Director of NIST, 
for appointing the members of the Computer System Security and 
Privacy Advisory Board, at least one of whom shall be from the NSA. 

Therefore, in furtherance of the purposes of this MOU, the 
Director of the NIST and the Director of the NSA hereby agree as 
follows: 

I. The NIST will: 

1. Appoint to the Computer Security and Privacy Advisory 
Board at least one representative nominated by the Director of the 
NSA. 

2. Draw upon computer system technical security guidelines 
developed by the NSA to the extent that the NIST determines that 
such guidelines are consistent with the requirements for 
protecting sensitive information in Federal computer systems. 

3. Recognize the NSA-certified rating of evaluated trusted 
systems under the Trusted Computer Security Evaluation Criteria 
Program without requiring additional evaluation. 

4. Develop telecommunications security standards for 
protecting sensitive unclassified computer data, drawing upon the 
expertise and products of the National Security Agency, to the 
greatest extent possible, in meeting these responsibilities in a 
timely and cost effective manner. 

5. Avoid duplication where possible in entering into 
mutually agreeable arrangements with the NSA for the NSA support. 

6. Request the NSA's assistance on all matters related to 
cryptographic algorithms and cryptographic techniques including 
but not limited to research, development, evaluation, or 
endorsement. 

II. The NSA will: 

1. Provide the NIST with technical guidelines in trusted 
technology, telecommunications security, and personal 
identification that may be used in cost-effective systems for 
protecting sensitive computer data. 

2. Conduct or initiate research and development programs in 
trusted technology, telecommunications security, cryptographic 
techniques and personal identification methods. 

3. Be responsive to the NIST's requests for assistance in 
respect to all matters related to cryptographic algorithms and 
cryptographic techniques including but not limited to research, 
development, evaluation, or endorsement. 

4. Establish the standards and endorse products for 
application to secure systems covered in 10 USC Section 2315 (the 
Warner Amendment). 
5. Upon request by Federal agencies, their contractors and 
other government-sponsored entities, conduct assessments of the 
hostile intelligence threat to federal information systems, and 
provide technical assistance and recommend endorsed products for 
application to secure systems against that threat. 

III. The NIST and the NSA shall: 

1. Jointly review agency plans for the security and privacy 
of computer systems submitted to NIST and NSA pursuant to section 
6(b) of the Act. 

2. Exchange technical standards and guidelines as necessary 
to achieve the purposes of the Act. 

3. Work together to achieve the purposes of this memorandum 
with the greatest efficiency possible, avoiding unnecessary 
duplication of effort. 

4. Maintain an ongoing, open dialogue to ensure that each 
organization remains abreast of emerging technologies and issues 
affecting automated information system security in computer-based 
systems. 

5. Establish a Technical Working Group to review and analyze 
issues of mutual interest pertinent to protection of systems that 
process sensitive or other unclassified information. The Group 
shall be composed of six federal employees, three each selected by 
NIST and NSA and to be augmented as necessary by representatives 
of other agencies. Issues may be referred to the group by either 
the NSA Deputy Director for Information Security or the NIST 
Deputy Director or may be generated and addressed by the group, 
upon approval by the NSA DDI or NIST Deputy Director. Within 14 
days of the referral of an issue to the Group by either the NSA 
Deputy Director for Information Security or the NIST Deputy 
Director, the Group will respond with a progress report and plan 
for further analysis, if any. 

6. Exchange work plans on an annual basis on all research 
and development projects pertinent to protection of systems that 
process sensitive or other unclassified information, including 
trusted technology, technology for protecting the integrity and 
availability of data, telecommunications security and personal 
identification methods. Project updates will be exchanged 
quarterly, and project reviews will be provided by either party 
upon request of the other party. 

7. Ensure the Technical Working Group reviews prior to 
public disclosure all matters regarding technical systems security 
techniques to be developed for use in protecting sensitive 
information in federal computer systems to ensure they are 
consistent with the national security of the United States. If 
NIST and NSA are unable to resolve such an issue within 60 days, 
either agency may elect to raise the issue to the Secretary of 
Defense and the Secretary of Commerce. It is recognized that such 
an issue may be referred to the President through the NSC for 
resolution. No action shall be taken on such an issue until it is 
resolved. 

8. Specify additional operational agreements in annexes to 
this MOU as they are agreed to by NSA and NIST. 

IV. Either party may elect to terminate this MOU upon six 
months written notice. 

This MOU is effective upon approval of both signatories. 
RAYMOND G. KAMMER 
Acting Director 
National Institute of 
Standards and Technology 

DATE: 

W. O. STUDEMAN 
Vice Admiral, U.S. Navy 
Director 
National Security Agency 

DATE: 
UNITED STATES DEPARTMENT OF COMMERCE 
National Institute of Standards and Technology 
(formerly National Bureau of Standards) 

OFFICE OF THE DIRECTOR 



22 December 1989 



Honorable John Conyers, Jr. 
Honorable Frank Horton 
Committee on Government Operations 
2157 Rayburn House Office Building 
House of Representatives 
Washington, D.C. 20515 

Dear Mr. Chairman and Mr. Horton: 

This is to answer certain questions raised at the hearing on 
May 4, 1989 before your Committee regarding the Memorandum of 
Understanding (MOU) between the National Institute of Standards 
and Technology (NIST) and the National Security Agency (NSA). As 
Chairman Conyers suggested during the hearing, representatives of 
our two agencies have met with Mr. Milton Socolar and others of 
the General Accounting Office (GAO) to better understand your 
Committee's and GAO's concerns about the MOU and to clarify the 
intent and proper interpretation of that document. Further, we 
provided Mr. Socolar with a draft of this letter to ensure that 
we have accurately identified the major points of concern raised 
by GAO and your Committee. 

Following another of the Committee's suggestions, we also con- 
tacted witnesses who testified at the hearing to discuss their 
concerns and explain the intent and proper interpretation of the 
MOU. We have attempted also to respond as fully as possible in 
this letter to the concerns raised by those parties. 

One central concern of the witnesses at the hearing, including 
GAO, was that the MOU may have sought to weaken the essential 
purpose of the Computer Security Act of 1987 (the Act) — i.e., 
to commit entirely to NIST, a civilian agency with the requisite 
expertise, the full responsibility for security standards for 
government computer systems containing unclassified but sensitive 
information. At the outset, let us emphatically assure you that 
our agencies had no such intent. To the contrary, we regard the 
MOU as a document implementing the Act by outlining areas of 
necessary agency interaction in support of the NIST Computer 
Security Program — which Program involves many other activities 
of NIST. But it is easy in retrospect to see that a document 
focused solely on points of NSA/NIST interaction might cause a 
false impression of the relative importance within the Program of 
the two agencies' activities and roles. NIST's unquestioned 
Program direction, as well as the great bulk of activities which 
are NIST's exclusive domain — like 9/10ths of an iceberg — 
remained undisplayed in the MOU. 
Both NIST and NSA are keenly aware of the significant changes in 
the administration of NIST's program that were mandated by the 
Computer Security Act, and fully support the Act and its intent. 
The Act has strengthened the authority of the Secretary of Com- 
merce in the preparation and promulgation of Federal Information 
Processing Standards (FIPS) and guidelines for the protection of 
unclassified information stored in federal computer systems. 
Before the Act was passed, the basic authority for promulgating 
FIPS rested with the President under the Brooks Act, with the 
role of the Secretary of Commerce being delegated through Execu- 
tive Order 11717. Delegated authority is inherently susceptible 
of weakening or re-definition by the delegating official. 

The Act not only placed the government computer security program 
for systems that process sensitive unclassified information 
explicitly and directly into the hands of the Secretary of 
Commerce, but suppressed any erosion of the Secretary's authority 
that might have been threatened by the 1985 promulgation of 
National Security Decision Directive (NSDD) - 145, "National 
Policy on Telecommunications and Automated Information Systems 
Security." NSDD-145 obliged Commerce to submit to an interagency 
review of FIPS just before they were to be issued by the Secre- 
tary — a step viewed by many as undermining Commerce authority 
to issue FIPS and as an intrusion of military-related agencies, 
particularly NSA, into civilian matters. Finally, NSDD-145, and 
more particularly certain policy documents issued pursuant to it, 
had been interpreted by some to give the Department of Defense 
and NSA authority to make determinations regarding what informa- 
tion in computers required protection. Since passage of the Act, 
it has been recognized that such policies have no applicability 
to systems within the purview of the Act. This recognition is 
reflected in the letter to Chairman Conyers from the Assistant to 
the President for National Security Affairs, dated June 26, 1989. 

Just as important as the direct authority the Act lodged with the 
Secretary of Commerce was the Act's careful, narrow definition of 
that authority, which implies strict limits on the scope of the 
NIST Computer Security Program. The power of the Secretary is 
limited to promulgating standards and guidelines for hardware and 
software to protect the unclassified but sensitive information 
contained in federal computer systems. The Act confers no power 
to issue any standard regulating the types of information such 
systems may contain or who may be given access to such informa- 
tion. These matters are entirely the responsibility of indivi- 
dual agencies. 

In drafting the MOU, both agencies considered the intent of the 
Computer Security Act to be both paramount and plain. We ac- 
cepted as a given that NIST, not NSA, has the responsibility and 
authority to set security standards applicable to Federal Govern- 
ment computer systems that contain sensitive but unclassified 
information. Similarly clear in our minds was that NSA's role 
vis-a-vis the security of these systems is solely to provide the 
benefits of relevant NSA technical expertise for NIST to use as 
it sees fit. Having no confusion regarding the two agencies' 
basic roles under the Act, we saw no need to recite them in the 
MOU. Nor, as we mentioned above, did we see a need to detail the 
many specific activities or programs NIST may undertake in imple- 
menting the Act. Our purpose was simply to express positively 
(1) the interrelationship between NIST and NSA to implement the 
purposes of the Act, and (2) our understandings regarding NSA 
programs or activities which overlap with or are affected by NIST 
activities under the Act. 

The concerns of GAO focused on four areas in the MOU. In partic- 
ular, GAO viewed the "scope of activities for the Technical 
Working Group it establishes" to be unclear and to raise uncer- 
tainties about the extent of NSA involvement in NIST functions. 
In three other areas, GAO considered the MOU "not clear about the 
respective roles of NSA and NIST." All four areas of concern are 
outlined below, and clarification is provided. The areas primar- 
ily involving no more than an apparent imbalance in the statement 
of agency roles are discussed first. 

a. The inclusion of research and development activities 
for NSA but not for NIST. 

Clarification: As we explained earlier, the MOU was intended to 
outline only areas of helpful agency interaction in support of 
the NIST Computer Security Program. We did not undertake to 
recite NIST's program direction or its many independent computer 
security-related activities. Such a recitation would have been 
particularly unnecessary in the R&D area because the Act clearly 
gives NIST the authority and duty to conduct research and devel- 
opment. Indeed, NIST does significant computer security R&D and 
expects to continue this work. The provision of the MOU relating 
to R&D was intended: (i) to acknowledge by implication that NSA's 
R&D aimed at securing systems handling classified information may 
apply to the systems whose protection is NIST's responsibility; 
and (ii) to acknowledge that NSA will continue these R&D efforts 
and affirm that NSA will make their results available to NIST as 
appropriate. 

b. The automatic acceptance of NSA evaluations of Trusted 
Systems as sufficient for NIST program purposes. 

Clarification: This provision reflects the understanding and 
intent of Congress in passing the Act that NIST (then NBS) would 
not require computer system developers to put their systems 
through a certification process by NIST after they had passed the 
stringent requirements NSA imposes upon systems handling classi- 
fied materials. Section 4 of the Act mandates the essence of 
this policy by amending section 111(f) of the Federal Property 
and Administrative Services Act to include a subsection (2) 
reading: 

(2) The head of a Federal agency may employ standards 
for the cost effective security and privacy of sensi- 
tive information in a Federal computer system within or 
under the supervision of that agency that are more 
stringent than the standards promulgated by the Secre- 
tary of Commerce, if such standards contain, at a 
minimum, the provisions of those applicable standards 
made compulsory and binding by the Secretary of 
Commerce. 

As Senator Roth explained: 

... The process of testing and validating [computer 
security] systems for use by the Federal Government, 
particularly our defense and intelligence agencies, is 
very rigorous and can take a long time. Some [private 
firms which are in the business of developing such 
systems] ... were concerned that they might be forced 
to run the gauntlet twice: once through NSA's National 
Computer Security Center and then again through the 
National Bureau of Standards. I have been assured by 
NBS that, once a system has passed muster at NSA's 
Computer Security Center, it would not have to go 
through the NBS process for use by agencies with 
unclassified systems. If the system provides the 
additional safeguarding required for classified 
systems, it would clearly be sufficient for use by 
agencies with unclassified systems. (Cong. Rec. 
S18637, Dec. 21, 1987.) 

The Committee may wonder why our two agencies decided to recite 
in the MOU a policy that primarily benefits third parties — 
i.e., federal "user" agencies and developers of NSA-certified 
systems. The purpose was to assure NSA that NIST will accept NSA 
trusted system evaluations and burden neither agency with consultations 
on superfluous additional protections. Finally, we note 
that although this provision of the MOU indicates that NIST will 
"recognize the NSA-certified ratings ... without requiring additional 
evaluation," it is not meant to suggest an identity 
between NIST's criteria and those of NSA. Nor does it require 
that NSA trusted systems criteria be met by systems subject to 
NIST standards. 
c. Mention in the MOU of NSA's threat 
assessments of information systems without 
corresponding mention of the NIST role in 
assessing information system vulnerability. 

Clarification: GAO indicated a concern that by mentioning only 
the NSA role in conducting assessments of the hostile intelli- 
gence threat to federal information systems, the MOU "suggests a 
diminution of NIST responsibilities" for assessing computer 
system vulnerability. As we will explain, your Committee can be 
assured that it was not our intent in this or any other part of 
the MOU to diminish NIST's leadership or operating 
responsibilities under the Act. 

Once again we note that the MOU was intended to outline only 
areas of agency interaction — not to recite NIST's independent 
computer security-related activities. As with R&D, this provi- 
sion of the MOU relates to an area in which both agencies have 
ongoing activities. The NIST responsibility to assess computer 
system vulnerabilities is clear in the Act and its legislative 
history. As then-Chairman Brooks said, the Act "sets up an 
important research program within [NIST] to assess the 
vulnerability of government computers and programs." (Cong. Rec. 
H6017, Aug. ?2, 1986.) NIST is pursuing these activities 
diligently and will continue to do so. 

NSA has a program that draws upon its unique expertise in assess- 
ing hostile intelligence threats. As an adjunct of this program, 
NSA evaluates the vulnerability of computer systems to such 
threats. NSA conducts its hostile intelligence threat and vul- 
nerability assessments upon request of the individual agencies 
that operate computer systems. By noting in the MOU that NSA 
will continue to conduct such assessments upon the request of 
"federal agencies , their contractors and other government- 
sponsored entities," we simply meant to make clear to all con- 
cerned that in cases involving NSA's unique expertise, NIST will 
not, and should not be expected to, duplicate NSA's special role 
of evaluating hostile intelligence threats. The phrase "hostile 
intelligence threats" is understood by both agencies as a refer- 
ence to the threat of foreign exploitation. 

d. The scope of activities of the Technical Working Group. 

This concern of GAO, shared by Committee staff, is more complex. 
As Mr. Socolar explained it in his testimony: 

Section III.5 of the MOU establishes a Technical 
Working Group to review and analyze issues of mutual 
interest pertinent to protection of systems that 
process sensitive, unclassified information. The group 
will consist of six federal employees, three each 
selected by NIST and NSA. Under section III.7, the 
group will review, prior to public disclosure, all 
matters regarding technical security systems techniques 
to be developed for use in protecting sensitive infor- 
mation to ensure they are consistent with the national 
security. If NIST and NSA are unable to resolve an 
issue within 60 days, either agency may raise the issue 
to the Secretary of Defense and the Secretary of 
Commerce. Such an issue may be referred to the 
President through the National Security Council (NSC) 
for resolution. The MOU specifies that no action is to 
be taken on such an issue until it is resolved. 
These provisions appear to give NSA more than the 
consultative role contemplated under the Act. They 
seem to give NSA an appeal process — through the 
National Security Council — leading directly to the 
President should it disagree with a proposed NIST 
standard or guideline. The Act provides that the 
President may disapprove any such guidelines or stan- 
dards promulgated by the Secretary of Commerce, that 
this disapproval authority cannot be delegated, and 
that notice of any such disapproval or modification 
must be submitted to the House Committee on Government 
Operations and the Senate Committee on Governmental 
Affairs. Under section III.7 of the MOU, it appears 
that an avenue has been opened which would invite 
presidential disapproval or modification of standards 
and guidelines in advance of promulgation by the Secre- 
tary without proper notification to the Congress. 

Here Mr. Socolar correctly noted that in NIST's view (which is 
shared by NSA) the provision defining the Working Group's 
function as being to "review matters ... to be developed " limits 
the scope of the "appeal process" to proposed research and devel- 
opment projects in new areas. However, he responded to this 
point by saying: 

If this provision pertains only to research and devel- 
opment, it still gives NSA a significant role in what 
were to be NIST functions under the Act. NSA could 
cause significant delay of a project NIST deems war- 
ranted, and it would appear that in matters of disa- 
greement, Commerce has placed itself in a position of 
having to appeal to the President regardless of its own 
position. 

Clarification: The Technical Working Group provides the essential 
structure within which NIST and NSA can conduct the technical 
discussions and exchange contemplated by the Act. As we 
explain below: 

(i) its balanced membership reflects the balanced, two-way 
nature of technical consultations required by the Act; and 

(ii) the "appeal mechanism" in the MOU is consistent with 
normal NIST procedures which the Act contemplates will be 
used in implementing the Computer Security Program, and in 
any case is a prudent exercise of Commerce Department dis- 
cretion to carry out the purposes of the Act. 

With this explanation, we hope the Committee will understand that 
neither the Working Group provisions of the MOU nor its "appeals 
procedure" are intended to dilute NIST control over its Computer 
Security Program or are likely to have that effect. 

The Working Group is established within the framework of Section 
III of the MOU, which addresses a number of technical areas of 
mutual NIST and NSA interest and responsibility under the Act. 
Such areas within the Act include, for example, section 6 which 
requires operators of federal computer systems containing sensi- 
tive but unclassified information to forward their system 
security plans "for advice and comment" not only to NIST, but 
directly to NSA as well. Even more importantly, the Act 
contemplates two-way interagency communication of technical 
computer security information and ideas — not just from NSA to 
NIST or vice versa, and not just about NIST's program. 

While the Act puts NIST in full charge of the Computer Security 
Program, it wisely avoids requiring interagency technical consul- 
tations on computer security matters to be exclusively one-way 
communications. In addition to NSA's consultative role to NIST, 
the Act not only contemplates, but requires, that each agency 
consult with the other in developing its programs. As former OMB 
Director James Miller assured Congress: "When developing technical 
security guidelines, NSA will consult with [NIST] to determine 
how its efforts can best support [NIST's program] requirements." 
(Cong. Rec. S18636, Dec. 21, 1987.) 

If the Act had adopted a one-way approach, we would likely soon 
find ourselves with unrelated and possibly incompatible sets of 
computer security standards, or at least with considerable over- 
lapping and duplication of effort in this area. As Senator Leahy 
explained at the time of Senate consideration of the bill: 

This legislation does not mandate or even urge the 
establishment of two sets of data security standards or 
systems. Instead, it provides a framework for recog- 
nizing and reconciling the sometimes differing security 
needs of these distinct communities. (Id.) 
Apart from the need to establish a process for consultation on 
technical systems security matters, the parties recognized that 
the public development or promulgation of technical security 
standards of specific types, particularly regarding cryptography, 
could present a serious possibility of harm to the national 
security. Such problems need to be identified and resolved 
before the public becomes involved in the standards development 
process. 

Issues in this narrow class are the only matters to which the 
"appeals process" of section III.7 applies. These problems are 
outside the category of "sensitive but unclassified" matters of 
sole concern to NIST and well within the national security frame- 
work of concern to NSA, other Executive Branch agencies and the 
President. GAO, your Committee staff and others with whom we 
have spoken in connection with the MOU readily acknowledge the 
potential national security impact of premature or inappropriate 
agency action in the computer security area. 

The NIST procedures allow complete public involvement at a very 
early stage in the standards research and development process — 
usually years before a standard is promulgated as a result of a 
particular effort. By and large, when NIST and NSA first discuss 
a possible new standard or technique from a technical standpoint, 
its actual promulgation is a very distant potential. Indeed, it 
is at this stage that Commerce normally consults with OMB, and 
potentially with the President, about funding for significant 
research efforts. The appeals procedure is hardly distinguish- 
able from those consultations — since either procedure can 
result in dropping or modifying a proposed course of action. 
Although we fully understand GAO's and your Committee's concern 
and careful oversight of this matter in light of the purposes of 
the Act, the appeals procedure will not in practice "invite 
Presidential disapproval or modification of standards and guide- 
lines without proper notification to the Congress." 

Nor has Commerce, by agreeing to such a procedure, bound itself 
to anything "regardless of its position." Under no circumstances 
would Commerce consider taking an action in the computer security 
area which, due to an unresolved issue involving technical 
methods, might harm the national security. Thus, only to the 
most trivial and theoretical degree can it be said that Commerce, 
by agreeing to resolve such issues before acting in this area, 
has diluted its responsibility for the promulgation of standards 
and guidelines. 

We wish to emphasize to the Committee that the "national security" 
nexus that must be present under paragraph III.7 completely 
precludes appeals of issues of any other type. Finally, the 
mention of the National Security Council in paragraph III.7 of 
the MOU does not imply any role for the NSC staff in considering 
such issues and, most emphatically, not in the computer security 
standard setting process. This reference to the NSC was made 
only to suggest that it is likely that this statutory body 
consisting of the President, Vice President, Secretary of State, and 
Secretary of Defense would be the appropriate body to advise the 
President on the national security matters that may arise in this 
context. Moreover, for consideration of such issues, the 
National Security Council would undoubtedly be augmented by the 
Secretary of Commerce. 

With this background, it should be clear that the MOU does not, 
as some have suggested, give NSA a "veto" over NIST activities or 
over its promulgation of standards and guidelines. The appeals 
procedure simply ensures that certain issues can be resolved in a 
timely fashion so that the Program can proceed smoothly. 

Our conversations with private sector witnesses have revealed 
that many of their concerns coincided with or were similar to 
those identified by the GAO, and thus are addressed above. 
One additional area of concern they raised, which was echoed by 
some of the staff of your Committee, was that the MOU might in 
some way undercut existing legal controls on NSA's abilities to 
conduct electronic surveillance, or otherwise empower NSA to use 
the NIST Computer Security Program for purposes outside the scope 
of that Program. We can assure everyone concerned that such 
misuse is simply not possible — because NIST, which has no 
intelligence or military functions, is in charge of this Program, 
and the Program does nothing more than develop standards for 
protecting certain information systems. Moreover, the Program 
has been, and will continue to be, implemented in full compliance 
with all applicable laws, including the Privacy Act and the 
Freedom of Information Act. 

To ensure that our successors and others can read the MOU in 
light of our intent and the clarification we provide in this 
letter, we are appending this letter to the MOU. We hope this 
has fully answered the questions raised by your Committee and the 
others who have indicated similar concerns. We are confident 
that the NIST/NSA implementation of the MOU over the coming 
months and years will lay to rest concerns that NIST and NSA may 
not adhere to their respective roles under the Act. 
THE SECRETARY OF COMMERCE 

Washington, D.C. 20230 

FEB 



Honorable John Conyers 
Chairman, Committee on Government Operations 
House of Representatives 
Washington, D.C. 20515 

Dear Mr. Chairman: 



This letter responds to your inquiry about the Memorandum of 
Understanding (MOU) between the National Institute of Standards 
and Technology (NIST) and the National Security Agency (NSA) 
relating to the Computer Security Act. 

We have worked diligently to address the concerns that you have 
expressed about the MOU. In a letter to you from NIST and NSA dated 
December 22, 1989, we responded to each specific concern and explained 
why we believe the MOU is consistent with the principles of the 
Computer Security Act. We have also fully considered additional 
points that were raised orally by the Committee staff after our 
submission of the joint NIST/NSA letter to the Committee. For reasons 
explained in the enclosed paper, the concerns expressed by the staff 
have not changed our opinion that the MOU, particularly when read in 
conjunction with our subsequent letter, properly carries out both the 
letter of the law and the intent of the Congress. 

I hope that the enclosed paper will allay your remaining concerns 
about specific provisions of the MOU. But in any event, because of 
the importance of this issue, I have asked Deputy Secretary Thomas 
Murrin to act on my behalf in this matter and to meet with you and 
Congressman Horton to discuss the issues regarding this Department's 
commitment to the principles of the Computer Security Act. 

Your letter also requests copies of all documents relating to 
topics addressed by the Technical Working Group established by the 
MOU. I suggest that we await the outcome of your meeting with Deputy 
Secretary Murrin before we address our response to your request. 

I have asked my Assistant Secretary for Legislative and Intergovernmental 
Affairs, William FrJ^rts^ to get in touch with your office 
shortly to set up a time for this meeting. 





Robert A. Mosbacher 



Enclosure 

cc: Honorable Frank Horton 
COMPUTER SECURITY — NIST/NSA MEMORANDUM OF UNDERSTANDING 
Matters Raised by House Government Operations Committee Staff 
at Meeting on January 3, 1990 



On January 3, 1990, Commerce staff met with staff of the Govern- 
ment Operations Committee, at their request, to discuss the joint 
letter signed December 22, 1989, by NIST and NSA. The Committee 
staff expressed dissatisfaction with the joint NIST/NSA letter 
and said they believed there were still substantive problems in 
the MOU. The Committee staff's concerns were: 

o that the MOU sets up a Technical Working Group which 
they believe serves only to delay NIST's computer 
security work, and which inappropriately has taken up 
matters that are not limited to national security 
issues. 

o that the MOU inappropriately "invites" NSA to initiate 
R&D applicable solely to the NIST program. 

o that the MOU should provide for NIST's oversight of the 
"cost effectiveness" of agency decisions to use systems 
NSA has certified for handling classified materials 
before accepting these highly-protected systems as 
automatically meeting NIST standards. 

o that the MOU should provide that NSA cannot respond to 
agency requests to assess hostile intelligence threats 
to computer systems without going "through" NIST. 

This paper addresses each in turn. 



TECHNICAL WORKING GROUP 

The Committee staff indicated that they believe the Technical 
Working Group (TWG) set up by the MOU serves only to delay NIST 
in developing standards and noted that the TWG has not enter- 
tained only matters which (in the words of the joint NIST/NSA 
letter) "could present a serious possibility of harm to the 
national security." 

Comment. Rather than being a source of delay, the TWG is a 
critical aid to the NIST program. As explained in the 
December 22 letter, the TWG "provides the essential structure 
within which NIST and NSA can conduct the technical discussions 
and exchange contemplated by the [Computer Security] Act." We 
cited legislative history of the Act showing that Congress 
recognized the need for technical consultations between NIST and 
NSA to reconcile the differing security needs of the distinct 
communities these agencies serve, while avoiding duplication of 
effort or the development of unrelated and possibly incompatible 
sets of standards. For these reasons we believe it clear that 
the TWG — or something like it — was not only contemplated by 
the Computer Security Act, but is indispensable to fulfilling the 
Act's mandate. 

Also, the TWG does not consider only matters having special 
national security implications. The December 22 letter explained 
that the TWG considers all technical computer security matters of 
mutual interest to NIST and NSA, while the national security 
restriction serves only to limit the scope of matters subject to 
the "appeals process." The TWG has considered several issues, 
but the appeals process has not been used to date. 



WHETHER THE MOU INVITES NSA R&D 
WITH APPLICABILITY SOLELY TO NIST'S PROGRAM 

The staff re-affirmed its belief that the provision of the MOU 
relating to NSA computer security research invites NSA to self- 
initiate R&D solely to provide security measures for computer 
systems under NIST's jurisdiction. 

Comment. As we noted in the joint NIST/NSA letter, this provision 
was intended simply to acknowledge that NSA research may 
have applicability to systems whose protection is NIST's respon- 
sibility — and to affirm that NSA will continue its research 
efforts and make their results available to NIST as appropriate. 
Since the provision does not speak to the issue of NSA self- 
initiation of R&D solely for NIST program use, and since both 
agencies have disclaimed such a meaning in an official letter of 
clarification of the MOU, we see no remaining basis for this 
interpretation. 

Furthermore, research with applicability solely to computers 
handling sensitive but unclassified materials would be rare. 
Most computer security research deals with technical problems, 
hardware, or methods whose applicability to a particular system 
would not depend on the type of information the system contains. 
Thus, almost all research NSA might undertake would have at least 
potential applicability to both agencies' programs. 



ACCEPTANCE OF NSA-CERTIFIED SYSTEMS 
AS MEETING NIST STANDARDS 

The staff argued that instead of automatically accepting NSA- 
certified systems as meeting our standards, NIST has a duty to 
determine (or set criteria for determining) whether the NSA- 
certified system is "cost-effective" for the agency involved. 
The words "cost effective" in section 4 of the Computer Security 
Act were cited as supporting the existence of this duty. 

Section 4 amended section 111(d) of the Federal Property and 
Administrative Services Act to include a section reading: 

(2) The head of a Federal agency may employ standards 
for the cost effective security and privacy of sensi- 
tive information in a Federal computer system . . . that 
are more stringent than the standards promulgated by 
the Secretary of Commerce, if such standards contain, 
at a minimum, the provisions of those applicable 
standards made compulsory and binding by the Secretary 
of Commerce. (Emphasis added; currently codified at 40 
U.S.C. 111(d).) 

Comment. At the hearing last May, the GAO witness questioned the 
general policy stated in the MOU concerning NIST's automatic 
acceptance of NSA-certified systems. Our letter responded by 
showing that this was a positive legal requirement. The Commit- 
tee staff did not challenge that demonstration, but implied that 
the cost effectiveness of an agency's decision to use the more 
stringent NSA safeguard is an exception to this requirement and 
something NIST should oversee. 

First, we note that this issue really does not involve the MOU, 
which deals only with matters between NIST and NSA. If NIST were 
to set cost-effectiveness criteria, it would do so through 
rulemaking rather than by amending the MOU. 

Second, Congress clearly withheld from NIST the authority to 
determine for other agencies the "cost effectiveness" of their 
decisions to use NSA-certified systems. The relevant portion of 
section 4 of the Computer Security Act confers power on the heads 
of agencies generally, and is not directed toward NIST. The Act 
does allow NIST to waive its standards to avoid major adverse 
financial impact on agencies. However, the Act wisely avoids 
conferring upon NIST any general authority, much less a duty, to 
police other agencies' spending decisions. NIST, as a science-oriented 
agency, is not well suited for such a role. Also, the 
Act could not require centralized policymaking that has implica- 
tions about which agencies may use which types of computer 
systems without undermining its overall intent to keep such 
potentially sensitive decisions in the hands of individual 
agencies. 

NIST is concerned with cost-effectiveness, but its responsibility 
for this element is centered on its own standards and guidelines. 
This is reflected in the wording of section 2 of the Act which 
charges NIST with setting "standards and guidelines needed to 
assure the cost-effective security and privacy of sensitive 
information in Federal computer systems." 



NSA ASSESSMENTS OF HOSTILE INTELLIGENCE THREATS 

The MOU recites that upon the request of agencies or their 
contractors, NSA will evaluate the susceptibility of computer 
systems to hostile intelligence threats. The staff did not 
question that this is an NSA function. However, they argued that 
NSA should not do this upon direct agency request, but only 
through NIST, because a theme of the Act was to divorce NSA from 
direct involvement with computer systems handling solely non-classified 
materials. 

Comment. To evaluate this suggestion, it is important to note 
the fundamentally different nature of (a) assessments of the 
vulnerability of computer systems as such, and (b) assessments of 
hostile intelligence threats to such systems. The MOU provision 
on this issue emphasizes that hostile intelligence threat assess- 
ment is uniquely an NSA capability which NIST cannot and should 
not be expected to duplicate. 

The Committee staff suggestion would inject a NIST referral into 
the process of agency requests for hostile intelligence threat 
assessments by NSA. There would be no point in creating such a 
step unless NIST had some basis for evaluating the need for this 
NSA service. NIST has no expertise in this area and thus no 
basis for judging whether an agency reasonably needs an assessment 
of possible hostile intelligence threats to its system. 






Appendix C: Evolution of the Digital Signature Standard 



INTRODUCTION 

A digital signature (see box 4-4, "What Are Digi- 
tal Signatures?") is used to authenticate the origin 
of a message or other information (i.e., establish 
the identity of the signer) and to check the integri- 
ty of the information (i.e., confirm that it has not 
been altered after it has been signed). Digital sig- 
natures are important to electronic commerce be- 
cause of their role in substantiating electronic 
contracts, purchase orders, and the like. (See 
chapter 3 for discussion of electronic contracts 
and signatures, nonrepudiation services, and so 
forth.) The most efficient digital signature sys- 
tems are based on public-key cryptography. 

On May 19, 1994, the National Institute of 
Standards and Technology (NIST) announced that 
the Digital Signature Standard (DSS) was finalized 
as Federal Information Processing Standard 
(FIPS) 186. 1 Federal standards activities related 
to public -key cryptography and digital signatures 
had been proceeding intermittently at NIST for 
over 12 years. Some of the delay was due to national 
security concerns, regarding the uncontrolled 
spreading of cryptographic capabilities, 
both domestically and internationally. The most 
recent delay has been due to patent-licensing com- 
plications and the government's desire to provide 
a royalty-free FIPS. 

The algorithm specified in the DSS is called the 
Digital Signature Algorithm (DSA). The DSA 
uses a private key to form the digital signature and 
the corresponding public key to verify the signa- 
ture. However, unlike encryption, the signature 
operation is not reversible. The DSA does not do 
public-key encryption, 2 and the DSS does not provide 
capabilities for key distribution or key exchange. 3 



1 NIST, "Digital Signature Standard (DSS)," FIPS PUB 186 (Gaithersburg, MD: U.S. Department of Commerce, May 19, 1994 (advance 
copy)). See also Federal Register, vol. 59, May 19, 1994, pp. 26208-11 for the Department of Commerce announcement "Approval of Federal 
Information Processing Standard (FIPS) 186, Digital Signature Standard (DSS)." 

NIST proposed the revised draft DSS in February 1993; NIST had announced the original version of the proposed DSS in August 1991. The 
finalized DSS has a larger maximum modulus size (up to 1,024 bits). The 1991 version of the proposed standard had a fixed modulus of 512 bits. 
Increasing the number of bits in the modulus increases strength, analogous to increasing the key size. 
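The sign-with-the-private-key, verify-with-the-public-key structure the text describes for the DSA, as an added Python example that is not code from the OTA report, NIST, or FIPS 186: it derives its own small toy domain parameters (far too small for real use), hashes a constructed sample message with SHA-1 as the original DSS did, and shows that verification fails for an altered message (integrity) and for a different signer's public key (origin). Assumed here: a 24-bit q with the digest truncated to q's bit length, as later revisions of FIPS 186 specify; the 1994 standard used a 160-bit q matching SHA-1, so no truncation was needed.

```python
"""Toy DSA (Digital Signature Algorithm) sign/verify walk-through.

Added example, not code from the OTA report or from NIST. The private key
produces (r, s) from a message digest; the public key verifies it; at no
point is anything decrypted, which is why the DSA cannot be used for
public-key encryption or key exchange. Parameter sizes are toy-sized.
"""
import hashlib
import secrets


def is_prime(n):
    """Trial-division primality test; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def generate_parameters(q_bits=24):
    """Return domain parameters (p, q, g): primes with q | p-1 and g of order q mod p.

    Toy sizes (assumption of this example): real DSA uses a 160-bit or larger q.
    """
    q = 1 << q_bits
    while not is_prime(q):
        q += 1
    k = 2
    while not is_prime(k * q + 1):      # p = k*q + 1 guarantees q divides p-1
        k += 2
    p = k * q + 1
    h = 2
    while True:
        g = pow(h, (p - 1) // q, p)     # g^q = h^(p-1) = 1 mod p, so g has order q if g > 1
        if g > 1:
            return p, q, g
        h += 1


def generate_keypair(params):
    """Private key x is a random exponent; public key y = g^x mod p."""
    p, q, g = params
    x = 1 + secrets.randbelow(q - 1)    # 0 < x < q
    y = pow(g, x, p)
    return x, y


def hash_to_int(message, q):
    """SHA-1 digest reduced to the leftmost bits matching q's length (see lead-in)."""
    digest = hashlib.sha1(message).digest()
    z = int.from_bytes(digest, "big")
    excess = 8 * len(digest) - q.bit_length()
    return z >> excess if excess > 0 else z


def sign(params, x, message):
    """Produce the DSA signature (r, s) of message under private key x."""
    p, q, g = params
    z = hash_to_int(message, q)
    while True:
        k = 1 + secrets.randbelow(q - 1)   # per-signature secret; a repeated k leaks x
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (z + x * r)) % q
        if s != 0:
            return r, s


def verify(params, y, message, signature):
    """Check (r, s) against message and public key y; no decryption takes place."""
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    z = hash_to_int(message, q)
    u1 = (z * w) % q
    u2 = (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q   # equals g^k mod p mod q if genuine
    return v == r


def demo():
    """Sign a constructed purchase-order message; report the three verification outcomes."""
    params = generate_parameters()
    x, y = generate_keypair(params)
    _, other_y = generate_keypair(params)          # an unrelated party's public key
    message = b"PURCHASE ORDER 4711: 200 units, deliver 1994-06-30"   # constructed sample
    sig = sign(params, x, message)
    return {
        "valid": verify(params, y, message, sig),
        "tampered": verify(params, y, message.replace(b"200", b"900"), sig),
        "wrong_signer": verify(params, other_y, message, sig),
    }


if __name__ == "__main__":
    print(demo())
```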

There is at present no progress toward a federal 
standard for public-key encryption, per se, and it 
appears unlikely that one will be promulgated. 4 
Work had been proposed for a new key-manage- 
ment standard, but as of June 1994, NIST was not 
pursuing a new FIPS for key management or key 
exchange. 5 The combination of the DSS and a 
key-management standard would meet user needs 
for digital signatures and secure key exchange, 
without providing a public-key encryption stan- 
dard, per se. 6 The implementation of the Es- 
crowed Encryption Standard (EES) algorithm that 
is used in data communications — in the Capstone 
chip — also contains a public-key Key Exchange 
Algorithm (KEA). 7 However, this KEA is not part 
of any FIPS. 8 Therefore, individuals and orga- 
nizations that do not use the Capstone chip (or the 
TESSERA card, which contains a Capstone chip) 
will still need to select a secure form of key distribution. 9 

The National Bureau of Standards (NBS, now 
NIST) published a "Solicitation for Public Key 
Cryptographic Algorithms" in the Federal Regis- 
ter on June 30, 1982. According to the results of 
a classified investigation by the General Accounting 
Office (GAO), NIST abandoned this standards 
activity at the request of the National Security 
Agency (NSA). According to GAO: 

RSA Data Security, Inc., was willing to ne- 
gotiate the rights to use RSA [named for the in- 
ventors of the algorithm, Drs. Ronald Rivest, 
Adi Shamir, and Leonard Adleman] — the most 
widely accepted public-key algorithm — as a 
federal standard, according to a NIST represen- 
tative. NSA and NIST met several times to dis- 
cuss NSA concerns regarding the 1982 
solicitation. However, NIST terminated the 
public-key cryptographic project because of an 
NSA request, according to a 1987 NIST memo- 



2 The DSS docs not specify an encryption algorithm; encryption is a "two-way" function that is reversible, viadecryption. The DSS specifics 
a "one-way" function. The DSS signature is generated from a shorter, "digest" of the message using a private key, but the operation is not revers- 
ible. Instead, the DSS signature is verified using the corresponding public key and mathematical operations on the signature and message digest 
that are different from decryption. Burton Kaliski, Jr., Chief Scientist, RSA Data Security. Inc., ^!rsonal communication. May 4, 1994. 

3 According to F. Lynn McNulty, Associate Director for Computer Security, NIST, the rationale for adopting the technique used in the DSS was that, "We wanted a technology that did signatures — and nothing else — very well." (Response to a question from Chairman Rick Boucher in testimony before the Subcommittee on Science, Committee on Science, Space, and Technology, U.S. House of Representatives, Mar. 22, 1994.)

4 See U.S. General Accounting Office, Communications Privacy: Federal Policy and Actions, GAO/OSI-94-2 (Washington, DC: U.S. Government Printing Office, November 1993), pp. 19-20.

5 F. Lynn McNulty, Associate Director for Computer Security, NIST, personal communication, May 25, 1994.

There is a 1992 FIPS on key management that uses the Data Encryption Standard (DES) in point-to-point environments where the parties share a key-encrypting key that is used to distribute other keys. NIST, "Key Management Using ANSI X9.17," FIPS PUB 171 (Gaithersburg, MD: U.S. Department of Commerce, Apr. 27, 1992). This FIPS specifies a particular selection of options for federal agency use from the ANSI X9.17-1985 standard for "Financial Institution Key Management (Wholesale)."

6 But the ElGamal algorithm upon which the DSS is based does provide for public-key encryption. Stephen T. Kent, Chief Scientist, Bolt Beranek and Newman, Inc., personal communication, May 9, 1994.

7 The Capstone chip is used for data communications and contains the EES algorithm (called SKIPJACK), as well as digital signature and key exchange functions. (The Clipper chip is used in telephone systems and has just the EES algorithm.) TESSERA is a PCMCIA card with a Capstone chip inside. It includes additional features and is being used in the Defense Message System. Clinton Brooks, Special Assistant to the Director, National Security Agency, personal communication, May 25, 1994.

8 Miles Smid, Manager, Security Technology Group, NIST, personal communication, May 20, 1994.

9 One public-key algorithm that can be used for key distribution is the "RSA" algorithm; the RSA algorithm can encrypt. (The RSA system was proposed in 1978 by Rivest, Shamir, and Adleman.) The Diffie-Hellman algorithm is another method that can be used for key generation and exchange, but does not encrypt. The public-key concept was first published by Whitfield Diffie and Martin Hellman in "New Directions in Cryptography," IEEE Transactions on Information Theory, vol. IT-22, No. 6, November 1976, pp. 644-654. Diffie and Hellman also described how such a system could be used for key distribution and to "sign" individual messages.
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randum. The 1982 NIST solicitation was the last formal opportunity provided for industry, academia, and others to offer public-key algorithms for a federal standard and to participate in the development of a federal public-key standard that could support key management/exchange.[10]

CHOICE OF A SIGNATURE TECHNIQUE FOR THE STANDARD

In May 1989, NIST again initiated discussions with NSA about promulgating a public-key standard that could be used for both signatures and key exchange. These NIST/NSA discussions were conducted through the Technical Working Group (TWG) mechanism specified in the memorandum of understanding between the agencies, which had been signed several weeks earlier (see chapter 4). According to NIST memoranda, the NIST members of the TWG had planned to select a public-key algorithm that could do both signatures and key exchange. This plan was terminated in favor of a technique developed by NSA that only did signatures.[11] A patent application for the DSS technique was filed in July 1991; patent number 5,231,668 was awarded to David Kravitz in July 1993. The patent specification describes the signature method as a variant of the ElGamal signature scheme based on discrete logarithms.[12] The invention, developed under NSA funding, was assigned to the United States of America, as represented by the Secretary of Commerce.

According to GAO, the NIST members of the working group had wanted an unclassified algorithm that could be made public, could be implemented in hardware and software, and could be used for both digital signatures and key management.[13] NIST and NSA members of the Technical Working Group met frequently to discuss candidate algorithms; according to GAO, the NIST members preferred the RSA algorithm because it could perform both functions (i.e., sign and encrypt), but NSA preferred its own algorithm that could sign but not encrypt.[14]

At the time these Technical Working Group discussions were taking place, many in the private sector expected that NIST would release a public-key standard — probably based on the RSA algorithm — as early as 1990. Major computer and software vendors were reportedly hoping for a federal public-key and signature standard based on the RSA technique because it was already included in their products, and they hoped they would not have to support both a federal standard and a de facto industry standard (RSA).[15] NIST's announcement that it would instead propose a different technology as the standard was greeted with severe industry criticisms and industry announcements of plans to jointly affirm RSA as the de facto industry signature standard.[16]

10 General Accounting Office, op. cit., footnote 4, p. 20.

11 General Accounting Office, op. cit., footnote 4, pp. 20-21; and the series of NIST/NSA Technical Working Group minutes from May 1989 to August 1991, published in "Selected NIST/NSA Documents Concerning the Development of the Digital Signature Standard Released in Computer Professionals for Social Responsibility v. National Institute of Standards and Technology, Civil Action No. 92-0972," Computer Professionals for Social Responsibility, The Third Cryptography and Privacy Conference Source Book, June 1993 (see Note in footnote 14 below). See also D.K. Branstad and M.E. Smid, "Integrity and Security Standards Based on Cryptography," Computers & Security, vol. 1, 1982, pp. 255-260; Richard A. Danca, "Torricelli Charges NIST with Foot-Dragging on Security," Federal Computer Week, Oct. 8, 1990, p. 9; and Michael Alexander, "Data Security Plan Bashed," Computerworld, July 1, 1991, p. 1.

12 See: U.S. Patent 5,231,668 (Digital Signature Algorithm; David W. Kravitz), "Background of the Invention." See also Taher ElGamal, "A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, vol. IT-31, No. 4, July 1985.

13 See General Accounting Office, op. cit., footnote 4, pp. 20-21.

14 Ibid. GAO based this conclusion on NIST memoranda. See also NIST memoranda obtained through Freedom of Information Act (FOIA) litigation and published as "Selected NIST/NSA Documents," op. cit., footnote 11. (Note: According to NSA officials, the FOIA'd materials are not a true picture of all the different levels of discussion that took place during this period, when NIST management and NSA were in agreement regarding the development of a signature standard. Clinton Brooks, Special Assistant to the Director, NSA, personal communication, May 25, 1994.)

218 | Information Security and Privacy in Network Environments

NIST proposed the original version of the DSS (with the NSA algorithm and a 512-bit modulus) in the Federal Register in August 1991.[17] NIST's August 1991 request for comments generated a number of severe criticisms during the initial comment period and afterward. Criticisms focused on both the choice of signature method[18] itself and the process by which it was selected, especially NSA's role. Countering allegations that NSA had dictated the choice of standard, F. Lynn McNulty (Associate Director for Computer Security, NIST) stated that:

NIST made the final choice. We obtained technical assistance from NSA, and we received technical inputs from others as well, but [NIST] made the final choice.[19]

McNulty also pointed to the fact that NSA had approved the DSS for use with some classified data as proof of its soundness.

In early 1992, the Computer System Security and Privacy Advisory Board (CSSPAB) advised NIST to delay a decision on adopting a signature standard pending a broad national review on the uses of cryptography.[20] Noting the significant public policy issues raised during review of the proposed signature standard, the CSSPAB unanimously approved a resolution to the effect that: "a national level public review of the positive and negative implications of the widespread use of public and secret key cryptography is required" in order to produce a "national policy concerning the use of cryptography in unclassified/sensitive government [sic] and the private sector" by June 1993.[21] The CSSPAB also approved (but not unanimously) a resolution that the Secretary of



15 Industry supporters of a federal signature standard based on RSA included Digital Equipment Corp., Lotus Development Corp., Motorola, Inc., Novell, Inc., and, of course, RSA Data Security, Inc. Ellen Messmer, "NIST To Announce Public Key Encryption Standard," Network World, July 23, 1990, p. 7; and G. Pascal Zachary, "U.S. Agency Stands in Way of Computer-Security Tool," The Wall Street Journal, July 9, 1990.

16 Critics claimed the technique was too slow for commercial use and did not offer adequate protection. At least six major computer vendors (Novell, Inc., Lotus Development Corp., Digital Equipment Corp., Sun Microsystems, Inc., Apple Computer, Inc., and Microsoft Corp.) had endorsed or were expected to endorse RSA's signature system. Michael Alexander, "Encryption Pact in Works," Computerworld, Apr. 15, 1991; and Michael Alexander, "Data Security Plan Bashed," Computerworld, July 1, 1991, p. 1. (Note: The original technique was refined to offer more security by increasing the maximum size of the modulus.)

17 Federal Register, Aug. 30, 1991, pp. 42980-82. NIST's announcement of the proposed standard stated the intention of making the DSS technique available worldwide on a royalty-free basis in the public interest. NIST stated the opinion that no other patents would apply to the DSS technique.

18 The final DSS technique specified in the standard is stronger than the one originally proposed; in response to public comment, the maximum modulus size was increased.

19 Richard A. Danca, "NIST Signature Standard Whips Up Storm of Controversy from Industry," Federal Computer Week, Sept. 2, 1991, p. 3.

20 Minutes of the Mar. 17-18, 1992 meeting of the CSSPAB (available from NIST). See also Darryl K. Taft, "Board Finds NIST's DSS Unacceptable," Government Computer News, Dec. 23, 1991, pp. 1, 56; and Kevin Power, "Security Board Calls for Delay on Digital Signature," Government Computer News, Mar. 30, 1992, p. 114. In the public comments, negative responses outnumbered endorsements of the DSS by 90 to 13 (Power, ibid.).

21 CSSPAB Resolution No. 1 of Mar. 18, 1992. The CSSPAB endorsed the National Research Council's study of national cryptography policy that was chartered in Public Law 103-160 as the study that "best accomplishes" the board's "repeated calls" (in Resolution No. 1 and subsequently) for a national review. CSSPAB Resolution 93-7, Dec. 8-9, 1993.
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Commerce should only consider approval of the proposed DSS upon conclusion of the national review,[22] and unanimously approved another resolution that the board defer making a recommendation on approval of the proposed DSS pending progress on the national review.[23]

Criticism of the 1991 version of the proposed DSS — targeted at technology and process — continued to mount. At hearings held by the House Subcommittee on Economic and Commercial Law in May 1992, GAO testified that the DSS (at that time, with a 512-bit modulus) offered such weak protection that it raised questions as to whether "any practical purpose would be served" by requiring federal agencies to use it, especially since the private sector would continue to use the more effective commercial products on the market. Other questions and concerns were targeted more generally at U.S. cryptography policies and the extent to which NIST "had the clout" to resist pressure from NSA and the Federal Bureau of Investigation, or "had the upper hand" in negotiations and standards-setting procedures. The Computer Professionals for Social Responsibility (CPSR) noted that NIST was required by the Computer Security Act to develop "cost-effective" methods to safeguard information. Because the chosen DSS technique did not provide confidentiality, CPSR questioned the extent to which NSA's interest in signals intelligence dictated the choice of technology.[24]

During this period, NIST continued to work on a revised version of the DSS, strengthening it by increasing the maximum size of the modulus (up to 1,024 bits). Ways were found to implement the algorithm more efficiently.[25] A companion hashing (i.e., condensing) standard was issued; hashing is used to create the condensed message digest that is signed.[26] NIST also formed an interagency group to study how to implement DSS, and contracted with MITRE[27] to study alternatives for automated management of public keys used for signatures.[28] The revised draft DSS was issued in February 1993 as FIPS Publication XX.

While NIST pursued the Digital Signature Standard, Computer Professionals for Social Responsibility sought to obtain NIST memoranda documenting the NIST/NSA Technical Working Group discussions related to the DSS and the aborted federal public-key standard. CPSR charged that the DSS was purposely designed to minimize privacy protection (i.e., encryption capabilities) and that the actions of NIST and NSA had contravened the Computer Security Act of 1987. CPSR based these charges on documents received from NIST after litigation under the Freedom of Information Act,[29] and asked the House Judiciary Committee to investigate.[30]

22 CSSPAB Resolution No. 2 of Mar. 18, 1992.

23 CSSPAB Resolution No. 3 of Mar. 18, 1992.

24 See Kevin Power, "DSS Security Weak, GAO Official Testifies," Government Computer News, May 11, 1992, pp. 1, 80. The hearings were held on May 8, 1992. (Note: Discussion of strength and efficiency is in the context of the original (1991) proposal, with a 512-bit modulus.)

25 See E.F. Brickell et al., "Fast Exponentiation with Precomputation," Advances in Cryptology—Eurocrypt '92, R.A. Rueppel (ed.) (New York, NY: Springer-Verlag, 1992), pp. 200-207.

26 NIST, "Secure Hash Standard," FIPS PUB 180 (Gaithersburg, MD: U.S. Department of Commerce, May 11, 1993). The Secure Hash Algorithm specified in the hash standard may be implemented in hardware, software, and/or firmware. It is subject to Department of Commerce export controls. (See also Ellen Messmer, "NIST Stumbles on Proposal for Public-Key Encryption," Network World, July 27, 1992, pp. 1, 42-43.)

In April 1994, NIST announced a technical correction to the Secure Hash Standard. NSA had developed the mathematical formula that underlies the hash standard; NSA researchers subsequently discovered a "minor flaw" during their continuing evaluation process. (NIST media advisory, Apr. 22, 1994.) According to NIST, the hash standard, "while still very strong, was not as robust as we had originally intended" and was being corrected. Raymond Kammer, Deputy Director, NIST, Testimony Before the Senate Committee on the Judiciary, May 3, 1994, p. 11.

27 MITRE Corp., "Public Key Infrastructure Study (Final Report)," April 1994. (Available from NIST.)

28 The final DSS notes that: "A means of associating public and private key pairs to the corresponding users is required...[A] certifying authority could sign credentials containing a user's public key and identity to form a certificate. Systems for certifying credentials and distributing certificates are beyond the scope of this standard. NIST intends to publish separate document(s) on certifying credentials and distributing certificates." NIST, FIPS PUB 186, op. cit., footnote 1, p. 6.

As part of the Defense Authorization Bill for FY 1994, the Committees on Armed Services, Intelligence, Commerce, and the Judiciary have asked the National Research Council to undertake a classified, two-year study of national policy with respect to the use and regulation of cryptography.[31] The study is expected to be completed in summer 1996 and has been endorsed by the CSSPAB as best accomplishing its repeated calls for a broad national review of cryptography.[32]

PATENT PROBLEMS FOR THE DSS 

Patents had always been a concern in developing any federal public-key or signature standard. One reason NIST gave for not selecting the RSA system as a standard was the desire to issue a royalty-free FIPS. A royalty-free standard would also be attractive to commercial users and the international business community. An approach using RSA technology would have required patent licenses. When the inventors of the RSA, Ronald Rivest, Adi Shamir, and Leonard Adleman, formed RSA Data Security, Inc. in 1982, they obtained an exclusive license for their invention[33] from the Massachusetts Institute of Technology (MIT), which had been assigned rights to the invention.

Other patents potentially applied to signature systems in general. In the early 1980s, several pioneer patents in public-key cryptography had been issued to Whitfield Diffie, Martin Hellman, Stephen Pohlig, and Ralph Merkle, all then at Stanford University. Although the government has rights in these inventions and in RSA, because they had been developed with federal funding, royalties for commercial users would have to be negotiated if a federal standard infringed these patents.[34] Another patent that was claimed by the grantee to apply to the DSS technique had been issued to Claus Schnorr in 1991, and the government did not have rights in this invention.[35]

Stanford and MIT granted Public Key Partners (PKP) exclusive sublicensing rights to the four Stanford patents and the RSA patent. PKP also holds exclusive sublicensing rights to the Schnorr patent.[36] It is a private partnership of organizations (including RSA Data Security, Inc.) that develops and markets public-key technology. In an attempt to minimize certain royalties from use of the DSS, NIST proposed to grant PKP an exclusive license to the government's patent on the technique used in the DSS. What was proposed was a cross-license that would resolve patent disputes with PKP, without lengthy and costly litigation to determine which patents (if any) were infringed by DSS. PKP would make practice of the DSS technique royalty-free for personal, noncommercial, and U.S. federal, state, and local government uses. Only parties that enjoyed commercial benefit from making or selling products



29 NIST memoranda published as: "Selected NIST/NSA Documents," op. cit., footnote 11. (See Note in footnote 14 above.)

30 Richard A. Danca, "CPSR Charges NIST, NSA with Violating Security Act," Federal Computer Week, Aug. 24, 1992, pp. 20, 34.

31 Announcement from the Computer Science and Telecommunications Board, National Research Council, Dec. 7, 1993.

32 CSSPAB Resolution 93-7, Dec. 8-9, 1993.

33 U.S. Patent 4,405,829 (Cryptographic Communication System and Method; Ronald Rivest, Adi Shamir, and Leonard Adleman, 1983).

34 U.S. Patents 4,200,770 (Cryptographic Apparatus and Method; Martin Hellman, Whitfield Diffie, and Ralph Merkle, 1980); 4,218,582 (Public Key Cryptographic Apparatus and Method; Martin Hellman and Ralph Merkle, 1980); 4,424,414 (Exponentiation Cryptographic Apparatus and Method; Hellman and Pohlig, 1984); and 4,309,569 (Method of Providing Digital Signatures; Merkle, 1982) are all assigned to Stanford University.

Stanford considers that the -582 patent covers any public key system in any implementation (including RSA); variations of the -582 patent have been issued in 11 other countries. Robert B. Fougner, Director of Licensing, Public Key Partners, letter to OTA, Nov. 4, 1993.

35 Patent 4,995,082 (Claus P. Schnorr; Method for Identifying Subscribers and for Generating and Verifying Electronic Signatures in a Data Exchange System, 1991). The patent was applied for in February 1990.

36 Fougner, op. cit., footnote 34.
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incorporating the DSS technique, or from providing certification services, would be required to pay royalties according to a set schedule of fees.[37]

The government announced that it had waived notice of availability of the DSS invention for licensing because expeditious granting of the license to PKP would "best serve the interest of the federal government and the public."[38] The arrangement would allow PKP to collect royalties on the DSS for the remainder of the government's 17-year patent term (i.e., until 2010); most of the patents administered by PKP would expire long before that. However, the Schnorr patent had an almost equivalent term remaining (until 2008); so the arrangement was seen as an equitable tradeoff that would avoid litigation.[39]

Some saw the PKP licensing arrangement as lowering the final barrier to adoption of DSS.[40] However, others — including the CSSPAB — questioned the true cost[41] of the DSS to private-sector users under this arrangement:

The board is concerned that:

1. the original goal that the Digital Signature Standard would be available to the public on a royalty-free basis has been lost; and

2. the economic consequences for the country have not been addressed in arriving at the Digital Signature Algorithm exclusive licensing arrangement with Public Key Partners, Inc.[42]



Ultimately, patent discussions had to be reopened, after a majority of potential users objected to the original terms and the Clinton Administration concluded that a royalty-free digital signature technique was necessary to promote its widespread use. NIST resumed discussions in early 1994, with the goal of issuing a federal signature standard "that is free of patent impediments and provides for an interoperability and a uniform level of security."[43]

ISSUANCE OF THE DIGITAL SIGNATURE STANDARD

In May 1994, the Secretary of Commerce approved the DSS as FIPS 186, effective December 1, 1994. It will be reviewed every five years in order to assess its adequacy. According to FIPS Publication 186, the DSS technique is intended for use in electronic mail, electronic funds transfer, electronic data interchange, software distribution, data storage, and other applications that require data integrity assurance and origin authentication. The DSS can be implemented in hardware, software, and/or firmware and is to be subject to Commerce Department export controls. NIST is developing a validation program to test implementations of DSS for conformance to the standard. The DSS technique is available for voluntary private or commercial use.[44]



37 Federal Register, June 8, 1993, pp. 32105-06, "Notice of Prospective Grant of Exclusive Patent License." This includes an appendix from Robert Fougner stating PKP's intentions in licensing the DSS technology. The PKP licenses would include key management for the EES at no additional fee. Also, PKP would allow a three-year moratorium on collecting fees from commercial signature certification services. Thereafter, all commercial services that "certify a signature's authenticity for a fee" would pay a royalty to PKP (ibid., p. 32106).

38 Ibid.

39 OTA staff interview with Michael Rubin, Deputy Chief Counsel, NIST, Jan. 13, 1994.

40 See Kevin Power, "With Patent Dispute Finally Over, Feds Can Use Digital Signatures," Government Computer News, June 21, 1993, pp. 1, 86.

41 See Kevin Power, "Board Questions True Cost of DSS Standard," Government Computer News, Aug. 16, 1993, pp. 1, 107. Digital signatures (hence, the DSS) will be widely used in health care, electronic commerce, and other applications (see chapter 3).

42 CSSPAB Resolution No. 93-4, July 30, 1993. This was not unanimously adopted.

43 Federal Register, May 19, 1994, op. cit., footnote 1, p. 26209.

44 NIST, FIPS PUB 186, op. cit., footnote 1, pp. 2-3. The DSS applies to all federal departments and agencies for use in protecting unclassified information that is not subject to the Warner Amendment (i.e., 10 USC sec. 2315 and 44 USC sec. 3502(2)). It "shall be used in designing or implementing public-key based signature systems which federal departments and agencies operate or which are operated for them under contract" (Ibid., p. 2).
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The Federal Register announcement stated that NIST had "considered all the issues raised in the public comments and believes that it has addressed them."[45] Among the criticisms and NIST responses noted were:

■ criticisms that the Digital Signature Algorithm specified in the DSS does not provide for secret key distribution. NIST's response is that the DSA is not intended for that purpose.

■ criticisms that the DSA is incomplete because no hash algorithm is specified. NIST's response is that, since the proposed DSS was announced, a Secure Hash Standard has been approved as FIPS 180.

■ criticisms that the DSA is not compatible with international standards. NIST's response is that it has proposed that the DSA be an alternative signature standard within the appropriate international standard (IS 9796).

■ criticisms that DSA is not secure. NIST's response is that no cryptographic shortcuts have been discovered, and that the proposed standard has been revised to provide a larger modulus size.

■ criticisms that DSA is not efficient. NIST's response is that it believes the efficiency of the DSA is adequate for most applications.

■ criticisms that the DSA may infringe on other patents. NIST's response is that it has addressed the possible patent infringement claims and has concluded that there are no valid claims.[46]

According to FIPS Publication 186, the Digital Signature Algorithm specified in the standard provides the capability to generate and verify signatures. A private key is used to generate a digital signature. A hash function (see FIPS Publication 180) is used in the signature generation process to obtain a condensed version, called a message digest, of the data that are to be signed. The message digest is input to the DSA to generate the digital signature. Signature verification makes use of the same hash function and a public key that corresponds to, but is different than, the private key used to generate the signature. Similar procedures may be used to generate and verify signatures for stored as well as transmitted data. The security of the DSS system depends on maintaining the secrecy of users' private keys.[47]
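The generate, hash, sign and verify sequence described above, as an added example that is not code from the report or from NIST; the parameter sizes (the 512-bit modulus of the 1991 proposal with a 160-bit q), SHA-1 as the digest, and the sample message are assumptions:

```python
"""DSA (FIPS 186) key generation, signing and verification, as described above.

Added example, not code from the OTA report or from NIST. Assumptions: the
parameter sizes of the original 1991 proposal (512-bit p, 160-bit q), SHA-1
as the digest (the corrected Secure Hash Standard), and a constructed message.
"""
import hashlib
import random
import secrets

P_BITS = 512   # modulus size of the 1991 proposal; FIPS 186 allows up to 1,024
Q_BITS = 160   # subgroup order, matching the 160-bit SHA digest


def is_probable_prime(n, rounds=32, rng=random):
    """Miller-Rabin test; small-prime trial division first."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_parameters(seed=1994):
    """Public domain parameters (p, q, g): q divides p-1 and g has order q."""
    rng = random.Random(seed)   # seeded only so the *public* values reproduce
    while True:                 # random 160-bit odd prime q
        q = rng.getrandbits(Q_BITS) | (1 << (Q_BITS - 1)) | 1
        if is_probable_prime(q, rng=rng):
            break
    while True:                 # p = q*m + 1 with p exactly P_BITS long
        m = rng.getrandbits(P_BITS - Q_BITS) | (1 << (P_BITS - Q_BITS - 1))
        p = q * (m - m % 2) + 1
        if p.bit_length() == P_BITS and is_probable_prime(p, rng=rng):
            break
    h = 2
    while (g := pow(h, (p - 1) // q, p)) == 1:   # g = h^((p-1)/q) mod p
        h += 1
    return p, q, g


def generate_keypair(p, q, g):
    """Private key x in [1, q-1] from the OS CSPRNG; public key y = g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def digest(data):
    """Message digest as an integer (the value the DSA actually signs)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(params, x, data):
    """Return (r, s). The nonce k must be fresh, secret and uniform each time."""
    p, q, g = params
    e = digest(data)
    while True:
        k = secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        s = (pow(k, -1, q) * (e + x * r)) % q if r else 0
        if r and s:             # FIPS 186: restart if either value is zero
            return r, s


def verify(params, y, data, signature):
    """Check (r, s) with the public key; out-of-range values are rejected first."""
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = (digest(data) * w) % q, (r * w) % q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
    return v == r


def demo():
    """Sign a constructed message; verify it and a tampered copy."""
    params = generate_parameters()
    x, y = generate_keypair(*params)
    msg = b"Pay $1,000 to account 123-456"      # constructed sample data
    sig = sign(params, x, msg)
    return verify(params, y, msg, sig), verify(params, y, msg + b"0", sig)


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The tampered copy fails because verification recomputes the digest, so even a one-byte change to the signed data yields a different v; a changed r or s outside [1, q-1] is rejected before any arithmetic.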

In practice, a digital signature system requires a means for associating pairs of public and private keys with the corresponding users. There must also be a way to bind a user's identity and his or her public key. This binding could be done by a mutually trusted third party, such as a certifying authority. The certifying authority could form a "certificate" by signing credentials containing a user's identity and public key. According to FIPS Publication 186, systems for certifying credentials and distributing certificates are beyond the scope of the DSS, but NIST intends to publish separate documents on certifying credentials and distributing certificates.[48]

Although the DSS has been approved as a Federal Information Processing Standard, issues concerning the DSS have not all been resolved, particularly with respect to patent-infringement claims (see above) and the possibility of litigation.[49] As this report was completed, whether or not Public Key Partners would file suit was "still a pending question."[50]



45 Federal Register, May 19, 1994, op. cit., footnote 1, p. 26209.

46 Ibid.

47 NIST, FIPS PUB 186, op. cit., footnote 1, pp. 1-3.

48 Ibid., p. 6.

49 See John Markoff, "U.S. Adopts a Disputed Coding Standard," The New York Times, May 23, 1994, pp. D1, D8.

50 Robert B. Fougner, Director of Licensing, Public Key Partners, Inc., personal communication, June 24, 1994.
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Robert J. Aiken, Department of Energy
Bruce H. Barnes, National Science Foundation
Brian Boesch, Advanced Research Projects Agency
Patricia N. Edfors, Department of Justice
Marianne Emerson, Board of Governors, Federal Reserve System
Martin Ferris, Department of the Treasury
Jane Bortnick Griffith, Congressional Research Service, Library of Congress
Sonja D. Martin, Department of Veterans Affairs
Gregory L. Parham, Department of Agriculture
David Rejeski, Environmental Protection Agency
Lawrence P. Shomo, National Aeronautics and Space Administration
William F. Wadsworth, Department of State
Scott David Williams, Bureau of the Census

NOTE: OTA appreciates and is grateful for the valuable assistance and thoughtful critiques provided by the workshop participants. The workshop participants do not, however, necessarily approve, disapprove, or endorse this report. OTA assumes full responsibility for the report and the accuracy of its contents.
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Commercial, Industry, and Research Perspectives Workshop ■ November 8, 1993

David A. Banisar, Computer Professionals for Social Responsibility
Joseph Burniece, ISAT, Inc.
Alexander Cavalli, Microelectronics and Computer Technology Corp.
Whitfield Diffie, Sun Microsystems, Inc.
Richard Graveman, Bellcore
Lee A. Hollaar, The University of Utah
Donn B. Parker, SRI International
Dan Schutzer, Citibank
Fran D. Smythe, Bear Stearns
Daniel Weitzner, Electronic Frontier Foundation
Steven D. Crocker, Trusted Information Systems, Inc.
Richard Rubin, Kent State University



Commercial, Industry, and Research Perspectives Workshop ■ November 16, 1993

Prue S. Adler, Association of Research Libraries
Dorothy E. Denning, Georgetown University
Lance J. Hoffman, The George Washington University
Kathleen Horoszewski, AT&T Bell Labs
James E. Katz, Bellcore
Stephen T. Kent, Bolt Beranek and Newman, Inc.
Teresa F. Lunt, SRI International
Richard M. Peters, Jr., Oceana Healthcare Systems
Roger Pience, National Cable Television Association
Marilyn Schaff, California Department of Motor Vehicles
James F. Snyder, MCI Communications Corporation
George B. Trubow, John Marshall Law School
Maria Zemankova, MITRE Corp.
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Federal Context Workshop ■ December 3, 1993

Dennis Branstad, National Institute of Standards and Technology
Roger M. Callahan, National Security Agency
Scott Charney, Department of Justice
Hazel Edwards, General Accounting Office
Harold M. Hendershot, Federal Bureau of Investigation
Bruce Holmes, General Accounting Office
Michael S. Keplinger, Patent and Trademark Office
R.J. Linn, National Institute of Standards and Technology
David Lytel, Executive Office of the President, Office of Science and Technology Policy
Alan R. McDonald, Federal Bureau of Investigation
Marybeth Peters, Copyright Office
Ed Springer, Office of Management and Budget
Margaret Truntich, General Services Administration
Robert Veeder, Office of Management and Budget
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Stuart Levi 
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NOTE: OTA appreciates and is grateful for the valuable assistance and thoughtful critiques provided by the reviewers and contributors. The reviewers and contributors do not, however, necessarily approve, disapprove, or endorse this report. OTA assumes full responsibility for the report and the accuracy of its contents.
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The technology used in daily life is changing. Information technologies are transforming the ways we create, gather, process, and share information; electronic transactions and records are becoming central to everything from commerce to health care. Computer networking is driving many of these changes. The explosive growth of the Internet — the number of users more than doubles each year — exemplifies this transition to a networked society. According to the Internet Society, as of July [...] tries; some 20 to 30 million people worldwide can exchange messages over the Internet.

The use of information networks for business, in particular, is expanding enormously; government use of networks features prominently in plans to make government more efficient, effective, and responsive. But the transformation brought about by networking also raises new concerns for the security and privacy of networked information. If these concerns are not properly resolved, they [...] networks' potential, in terms of both participation and usefulness.

The OTA report Information Security and Privacy in Network Environments was requested by the Senate Committee on Governmental Affairs and the House Subcommittee on Telecommunications and Finance. The report focuses [...] networks, not on the security or survivability of networks themselves, or on the reliability of network services to ensure information access. OTA's analysis examines policy issues in three areas: 1) cryptography policy, including federal information processing standards and export controls; 2) guidance on safeguarding unclassified information in federal agencies; and 3) legal issues and information security, including electronic commerce, privacy, and intellectual property.

Information safeguards, especially those based on cryptography, are becoming increasingly important. Appropriate safeguards (countermeasures) must account for — and anticipate — technical, institutional, and social changes that increasingly shift responsibility for safeguarding information to the end users. [...] information will be frustrated unless cryptography-policy issues are resolved.

The single most important step toward implementing proper safeguards for networked information in a federal agency or other organization is for top management to define the organization's overall objectives, formulate an organizational security policy to reflect those objectives, and implement that policy. Only top management can consolidate the consensus and apply the resources necessary to effectively protect networked information. For the federal government, this requires guidance from the Office of Management and Budget (e.g., in OMB Circular A-130), commitment from top agency management, and oversight by Congress.

Cryptography Policy 

Congress has a vital role in formulat- 
ing national cryptography policy and in 
determining how we safeguard informa- 
tion and protect personal privacy in our 
networked society. Cryptography has be- 
come a fundamental technology with 
broad applications. Decisions about 
cryptography policy will affect the ev- 
eryday lives of most Americans because 
cryptography will help ensure the confi- 
dentiality and integrity of health records 
and tax returns. It will help speed the 
way to electronic commerce, and it will 
help us manage copyrighted material in 
electronic form. 



Despite two decades of growth in 
nongovernmental research and develop- 
ment, the federal government still has the 
most expertise in cryptography. The non- 
governmental market for cryptography 
products has grown in the last 20 years 
or so, but is still developing. Thus, ex- 
port controls and the federal informa- 
tion processing standards (FIPS) devel- 
oped by the Commerce Department's 
National Institute of Standards and Tech- 
nology (NIST) have substantial impact on 
the development and use of information 
safeguards based on cryptography. In its 
activities as a developer, user, and regu- 
lator of safeguard technologies, the fed- 
eral government faces a fundamental ten- 
sion between two important policy ob- 
jectives: 1) fostering the development and 
widespread use of cost-effective informa- 
tion safeguards, and 2) controlling the 
proliferation of safeguard technologies 
that can impair U.S. signals-intelligence 
and law-enforcement capabilities. This 
tension is evident in concerns about the 
proliferation of cryptography that could 
impair U.S. signals intelligence and law 
enforcement, and in the resulting 
struggle to control cryptography through 
use of federal standards and export con- 
trols. 



Previously, control of the availability 
and use of cryptography was presented 
as a national-security issue focused out- 
ward, with the intention of maintaining 
a U.S. technological lead over other 
countries. Now, with an increasing policy 
focus on domestic crime and terrorism, 
the availability and use of cryptography 
has also come into prominence as a do- 
mestic-security, law-enforcement issue. 
Thus, export controls, intended to re- 
strict the international availability of U.S. 
cryptography technology and products, 
are now being joined with domestic 
cryptography initiatives intended to pre- 
serve U.S. law-enforcement and signals- 
intelligence capabilities. 

Policy debate over cryptography used 
to be as arcane as the technology itself. 
However, as the communications tech- 
nologies used in daily life have changed, 
concern over the implications of privacy 
and security policies dominated by na- 
tional security objectives has grown dra- 
matically, particularly in business and 
academic communities that produce or 
use information safeguards, but among 
the general public as well. This concern 
is reflected in the ongoing debates over 
key-escrow encryption and the 
government's Escrowed Encryption 
Standard (EES). 

The Clinton Administration an- 
nounced the "escrowed-encryption" ini- 
tiative (often referred to as "Clipper" or 
the "Clipper chip") in April 1993. The 
EES uses a classified algorithm developed 
by the National Security Agency (NSA). 
The Department of Commerce issued 
the EES as a federal information pro- 
cessing standard for encrypting unclas- 
sified information in February 1994. 
The escrowed-encryption initiative in 
general and the EES in particular have 
been met with intense public criticism 
and concern: the EES has not yet been 
embraced within government and is 
largely unpopular outside of government. 
The controversy and unpopularity stem 
in large part from privacy concerns and 
the fact that users' cryptographic keys will 
be held by government-designated "es- 
crow agents" (currently, within the De- 
partments of Commerce and Treasury). 
Other concerns regarding the EES and 
its implementation include the role of 
NSA in the escrowed-encryption initia- 
tive and in NIST's standards develop- 
ment, the use of a classified algorithm 



in the standard, the requirement that the 
standard be implemented in hardware 
(not software), the possibility of key-es- 
crow encryption being made mandatory 
in the future, and the general secrecy and 
closed processes surrounding the Clinton 
Administration's escrowed-encryption 
initiative. 

Recognizing the importance of cryp- 
tography and the policies that govern the 
development, dissemination, and use of 
the technology, Congress has asked the 
National Research Council (NRC) to 
conduct a major study that would sup- 
port a broad review of cryptography. 1 
The OTA report presents several options 
for congressional consideration in the 
course of a strategic policy review. Be- 
cause information to support a congres- 
sional review of cryptography is out of 
phase with the government's implemen- 
tation of key-escrow encryption (the 
NRC report is expected to be completed 
in 1996), one option would be to place 
a hold on further deployment of key-es- 
crow encryption, pending a congres- 
sional policy review. 



1 The NRC study was included in the Defense Authorization Act for FY 1994 (Public Law 103-160).

INFORMATION SECURITY AND PRIVACY

There are three main aspects of information security: confidentiality, integrity, and availability. These protect against the unauthorized disclosure, modification, or destruction of information. The focus of this report is on the confidentiality and integrity of information in network environments. Confidentiality refers to the property that information is made available or disclosed only to authorized parties. Integrity refers to the property that information is changed only in a specified and authorized manner.

Privacy refers to the social balance between an individual's right to keep information confidential and the societal benefit derived from sharing information, and how this balance is codified to give individuals the means to control personal information. Confidentiality and privacy are not mutually exclusive: safeguards that help ensure confidentiality of information can be used to protect personal privacy.

INFORMATION SAFEGUARDS

In this report, OTA often uses the term "safeguard" in order to avoid misunderstandings regarding use of the term "security," which some readers may interpret in terms of classified information, or as excluding measures to protect personal privacy. Cryptography is an important safeguard technology. Modern encryption techniques can be used to safeguard the confidentiality of the contents of an electronic message (or a stored file). Message authentication techniques and digital signatures based on cryptography can be used to ensure the integrity of the message (that it has been received exactly as it was sent), as well as the authenticity of its origin (that it comes from the stated source).

CRYPTOGRAPHY

Cryptography, a field of applied mathematics/computer science, is the technique of concealing the contents of a message by a code or a cipher. Cryptography provides confidentiality through encoding, in which an arbitrary table is used to translate the text or message into its coded form, or through encipherment, in which an encryption algorithm and key are used to transform the original plaintext into the encrypted ciphertext. The original text or message is recovered from the encrypted message through the inverse operation of decryption.

Cryptographic algorithms, specific techniques for transforming the original input into a form that is unintelligible without special knowledge of some secret (closely held) information, are used to encrypt and decrypt messages, data, or other text. In modern cryptography, the secret information is the cryptographic key that "unlocks" the encrypted ciphertext and reveals the original plaintext. Key management underpins the security afforded by any cryptography-based safeguard. It includes generation of the encryption key or keys as well as their distribution, storage, and eventual destruction.

An important outcome of a broad review of national cryptography policy would be the development of more open processes to determine how cryptography will be deployed throughout society in support of electronic delivery of government services, copyright management, and digital commerce. More open processes would build trust and confidence in government operations and leadership, as well as allow for public consensus-building, providing better information for use in congressional oversight of agency activities. As part of a broad national cryptography policy, Congress could also periodically examine export controls on cryptography to ensure that these continue to reflect an appropriate balance between the needs of signals intelligence and law enforcement and the needs of the public and business communities.

Congress also has a more near-term role to play in determining the extent to which — and how — the Escrowed Encryption Standard and other types of key-escrow encryption will be deployed in the United States. These actions can be taken within a long-term, strategic framework. Congressional oversight of the effectiveness of policy measures and controls can allow Congress to revisit these issues as needed, or as the consequences of previous decisions become more apparent.

The OTA report presents immediate options for Congress in responding to current escrowed-encryption initiatives like the EES, as well as for determining the extent to which appropriated funds should be used in implementing key-escrow encryption and related technologies. These options include addressing the appropriate choice of escrow agents, as well as establishing criminal penalties for misuse and unauthorized disclosure of escrowed key components and allowing damages to be awarded to individuals or organizations who were harmed by misuse or unauthorized disclosure of escrowed key components.

Safeguarding Information in Federal Agencies

Congress has a direct role in establishing the policy guidance within which federal agencies safeguard information, and in oversight of agency and Office of Management and Budget (OMB) measures to implement information security and privacy requirements. OMB is responsible for: 1) developing and implementing government-wide policies for information resource management; 2) overseeing the development and promoting the use of government information-management principles, standards, and guidelines; and 3) evaluating the adequacy and efficiency of agency information-management practices. Information-security managers in federal agencies must compete for resources and support to properly implement needed safeguards. For their efforts to succeed, both OMB and top agency management must fully support investments in cost-effective safeguards. Given the expected increase in interagency sharing of data, interagency coordination of privacy and security policies is also necessary to ensure uniformly adequate protection.

The forthcoming revision of Appendix III of OMB Circular A-130 is intended to improve federal information-security practices. To the extent that the revised Appendix III facilitates more uniform treatment across agencies, it can also make fulfillment of Computer Security Act and Privacy Act requirements more effective with respect to data sharing and secondary uses. The revised Appendix III had not been issued by the time this report was completed. Therefore, OTA was unable to assess the revision's potential for improving information security in federal agencies. The report offers options for Congress in determining the effectiveness and adequacy of OMB's guidelines and the need for additional legislative guidance. Topics to be addressed in the course of oversight and when considering the direction of any new legislation would include ensuring that: 1) agencies include explicit provisions for safeguarding information assets in any information-technology planning documents; 2) agencies budget sufficient resources to safeguard information assets, whether as a percentage of information-technology modernization and/or operating budgets, or otherwise; and 3) the Department of Commerce assigns sufficient resources to NIST to support its Computer Security Act responsibilities, as well as NIST's other activities related to safeguarding information and protecting privacy in networks.

Congress may also wish to address the working relationship of NIST and the National Security Agency in implementing the Computer Security Act of 1987 (P.L. 100-235). The act gives NIST (then the National Bureau of Standards) final authority for developing government-wide standards and guidelines for safeguarding unclassified, sensitive information, and for developing government-wide security training programs. Implementation of the Computer Security Act has been controversial, particularly regarding the roles of NIST and NSA in standards development; a 1989 memorandum of understanding between the two agencies appears to cede more authority to NSA than the act had granted or envisioned.

Legal Issues and Information Security

Laws evolve in the context of the cultural mores, business practices, and technologies of the time. The laws currently governing commercial transactions, data privacy, and intellectual property were largely developed for a time when telegraphs, typewriters, and mimeographs were the commonly used office technologies and business was conducted with paper documents sent by mail. Technologies and business practices have dramatically changed, but the law has been slower to adapt. Computers, electronic networks, and information systems are now used routinely to process, store, and transmit digital data in most commercial fields. Changes in communication and information technologies are particularly significant in three areas: electronic commerce, privacy and transborder data flow, and digital libraries.

Electronic Commerce 

As businesses replace conventional pa- 
per documents with standardized com- 
puter forms, the need arises to secure 
the transactions and establish means to 
authenticate and provide nonrepudiation 
services for electronic transactions, that 
is, a means to establish authenticity and 
certify that the transaction was made. 
Absent a signed paper document on 



which any nonauthorized changes could 
be detected, a digital signature must be 
developed to prevent, avoid, or minimize 
the chance that the electronic document 
has been altered. In contrast to the courts' 
treatment of conventional, paper-based 
transactions and records, little guidance 
is offered as to whether a particular safe- 
guard technique, procedure, or practice 
will provide the requisite assurance of 
enforceability in electronic form. This 
lack of guidance is reflected in the diver- 
sity of security and authentication prac- 
tices used by those involved in electronic 
commerce. Although Congress may wish 
to monitor this issue, the time is not yet 
ripe for legislative action. 

Protection of Privacy in Data

Since the 1970s, the United States has concentrated its efforts to protect the privacy of personal data collected and archived by the federal government. Rapid development of networks and information processing by computer now makes it possible for large quantities of personal information to be acquired, exchanged, stored, and matched very quickly. As a result, the market for computer-matched personal data has expanded rapidly, and a private-sector information industry has grown around the demand for such data.

Increased computerization and linkage of information maintained by the federal government is arguably not addressed by the Privacy Act, which approaches privacy issues on an agency-by-agency basis. Although the United States does not comprehensively regulate the creation and use of such data in the private sector, foreign governments (particularly the European Union) do impose controls. The difference between the level of personal privacy protection in the United States and that of its trading partners, who in general protect privacy more rigorously, could inhibit the exchange of data with these countries. The OTA report offers a range of options for dealing with privacy issues in the public and private sectors, ranging from continuing to allow federal agencies to manage privacy on an individual basis to establishing a Federal Privacy Commission.
Protection of Intellectual Property in the Administration of Digital Libraries

The availability of protected intellectual property in networked information collections, such as digital libraries and other digital information banks, is placing a strain on the traditional methods of protection and payment for use of intellectual property. Technologies developed for securing information might also hold promise for monitoring the use of copyrighted information and for providing a means to collect royalties and compensate the copyright holders. The application of intellectual-property law to protect material in electronic form continues to be problematic, especially for mixed-media (multimedia) works; traditional copyright concepts such as fair use are not clearly defined as they apply to these works; and the means to monitor compliance with copyright law and to distribute royalties is not yet resolved. OTA also addressed these issues in Finding a Balance: Computer Software, Intellectual Property, and the Challenge of Technological Change, OTA-TCT-527 (Washington, DC: U.S. Government Printing Office, May 1992).



During the current assessment, OTA found that the widespread development of multimedia authoring tools — integrating film clips, images, music, sound, and other content — raises additional issues pertaining to copyright and royalties. Two options for dealing with copyright for multimedia works would be to allow the courts to continue to define the law of copyright as it is applied in the world of electronic information, or to take specific legislative action to clarify and further define the copyright law. A third approach would allow producer and user communities to establish common guidelines for use of copyrighted, multimedia works. More generally, Congress could encourage private efforts to form rights-clearing and royalty-collection agencies for groups of copyright holders or allow private-sector development of network tracking and monitoring capabilities to support a fee-for-use basis for copyrighted works in electronic form.



KEY-ESCROW ENCRYPTION

The Escrowed Encryption Standard, or EES, is intended for use in encrypting voice, facsimile, and computer data communicated in a telephone system. It is currently intended for voluntary use by all federal departments and agencies and their contractors to protect unclassified information; other use by the private sector is voluntary. The EES encryption algorithm, called SKIPJACK, is implemented in tamper-proof electronic devices, or "chips." An early implementation of SKIPJACK was called "Clipper," hence the use of "Clipper chip" refers to the technology.

The EES specifies a type of key-escrow encryption intended to allow easy decryption by law enforcement when the equivalent of a wiretap has been authorized. This is accomplished through what is called key escrowing. Each EES chip is programmed with a chip-specific key. A copy of this key is then split into two parts; one part is held by each of two designated "escrow agents." The EES also specifies how the Law Enforcement Access Field (LEAF) that is transmitted along with encrypted messages is created.

When intercepted communications have been encrypted using the EES, law-enforcement agencies can obtain the two escrowed key components from the escrow agents. (A device identifier in the LEAF indicates which ones are needed.) The escrowed key components are then used to obtain the keys that will decrypt the intercepted communications sessions.
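The split-key structure the sidebar describes, as a small Python model added for this summary; it is not OTA's text and not the EES itself. The classified SKIPJACK cipher and the real LEAF format are replaced by a SHA-256 keystream stand-in and a plain tuple, the escrow agents are in-memory objects, and the device identifier, sample message and authorization string are constructed placeholders; only the agent names (Commerce, Treasury) come from the sidebar.

```python
"""Simplified model of the two-agent key escrow described in the sidebar.

Added illustration, not OTA's text and not the real EES: SKIPJACK and the
actual LEAF format are replaced by a SHA-256 keystream stand-in and a plain
tuple, and the escrow agents are in-memory objects. What it keeps is the
structure the sidebar describes: a chip-specific key split into two
components held by two agents, a LEAF carrying a device identifier, and
session-key recovery only when both components are combined.
"""
import hashlib
import secrets

KEY_LEN = 16  # bytes; a constructed parameter, not the EES key size


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for SKIPJACK: XOR with a SHA-256 counter-mode keystream.
    Symmetric, so the same call both encrypts and decrypts."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return xor_bytes(data, bytes(stream[: len(data)]))


class EscrowAgent:
    """Holds one key component per device and logs every release."""

    def __init__(self, name: str):
        self.name = name
        self._components: dict[str, bytes] = {}
        self.release_log: list[tuple[str, str]] = []

    def deposit(self, device_id: str, component: bytes) -> None:
        self._components[device_id] = component

    def release(self, device_id: str, authorization: str) -> bytes:
        # A component leaves the agent only against a recorded authorization.
        self.release_log.append((device_id, authorization))
        return self._components[device_id]


def program_chip(device_id: str, agent_a: EscrowAgent, agent_b: EscrowAgent) -> bytes:
    """Generate a chip-specific key and escrow it as a 2-of-2 XOR split.
    Either component alone is a uniformly random string independent of the key."""
    unit_key = secrets.token_bytes(KEY_LEN)
    component_a = secrets.token_bytes(KEY_LEN)
    component_b = xor_bytes(unit_key, component_a)
    agent_a.deposit(device_id, component_a)
    agent_b.deposit(device_id, component_b)
    return unit_key


def encrypt_session(device_id: str, unit_key: bytes, plaintext: bytes):
    """Encrypt one session and emit the LEAF with the ciphertext.
    The model LEAF is (device id, session key wrapped under the unit key)."""
    session_key = secrets.token_bytes(KEY_LEN)
    leaf = (device_id, keystream_cipher(unit_key, b"leaf", session_key))
    return leaf, keystream_cipher(session_key, b"sess", plaintext)


def recover_session(leaf, ciphertext: bytes, agents: list, authorization: str) -> bytes:
    """Authorized recovery: the LEAF's device id selects which escrowed
    components to request; combining them rebuilds the unit key, which
    unwraps the session key. With fewer than both agents the result is noise."""
    device_id, wrapped = leaf
    unit_key = bytes(KEY_LEN)
    for agent in agents:
        unit_key = xor_bytes(unit_key, agent.release(device_id, authorization))
    session_key = keystream_cipher(unit_key, b"leaf", wrapped)
    return keystream_cipher(session_key, b"sess", ciphertext)


def demo() -> dict:
    # Agent names follow the sidebar's Commerce/Treasury escrow agents;
    # the device id, message and authorization string are constructed.
    agents = [EscrowAgent("Commerce"), EscrowAgent("Treasury")]
    unit_key = program_chip("chip-0001", agents[0], agents[1])
    message = b"constructed sample message"
    leaf, ciphertext = encrypt_session("chip-0001", unit_key, message)
    full = recover_session(leaf, ciphertext, agents, "authorization #demo")
    partial = recover_session(leaf, ciphertext, agents[:1], "authorization #demo")
    return {"full": full, "partial_matches": partial == message,
            "releases_logged": len(agents[0].release_log)}
```

The release log on each agent is what gives the misuse-and-disclosure penalties discussed above something to audit against: every component that leaves an agent is tied to the device identifier and the authorization presented.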






Ordering Information 



Congressional requests: call OTA's Congressional and Public Affairs Office at 202-224-9241.

Information Security and Privacy in Network Environments is available from the U.S. Government Printing Office. Call GPO at 202-512-1800 or fax this order form to GPO at 202-512-2250. Alternatively, mail this form to Superintendent of Documents, P.O. Box 371954, Pittsburgh, PA 15250-7954.

Orders placed at GPO generally take four weeks for delivery. If you need fast delivery, the Superintendent of Documents offers Federal Express service for domestic telephone orders only. The cost is an additional $8.50 per order. Inquire for bulk quantities. If the order is called in before noon, Eastern Standard Time, the Superintendent of Documents will guarantee 48-hour delivery. There is no Federal Express delivery to Post Office boxes or APO/FPO addresses.

For information about other OTA publications, a free Catalog of Publications is available from OTA's Publication Distribution Office. Call 202-224-8996 or e-mail pubsrequest@ota.gov or write to: Office of Technology Assessment, U.S. Congress, Washington, D.C. 20510-8025. Attn: Publication Distribution.



Superintendent of Documents Publications Order Form

Order Processing Code: *7515

[ ] YES, please send me the following:

_____ copies of Information Security and Privacy in Network Environments (252 pages), S/N 052-003-01387-8, at $16.00 each.

International customers please add 25%. Prices include regular domestic postage and handling and are subject to change.

The total cost of my order is $_____

Telephone orders: (202) 512-1800 (the best time to call is between 8-9 a.m. EST). To fax your orders: (202) 512-2250. Charge your order. It's easy!

(Company or personal name)
(Additional address/attention line)
(Street address)
(City, State, ZIP Code)
(Daytime phone including area code)
(Purchase order no.)

Please choose method of payment (please type or print):
[ ] Check payable to the Superintendent of Documents
[ ] GPO Deposit Account ________
[ ] VISA or MasterCard Account ________
(Credit card expiration date)
(Authorizing signature) (9/94)

May we make your name/address available to other mailers? [ ] YES [ ] NO

Mail to: New Orders, Superintendent of Documents, P.O. Box 371954, Pittsburgh, PA 15250-7954

Thank you for your order! THIS FORM MAY BE PHOTOCOPIED






Office of Technology Assessment

The Office of Technology Assessment (OTA) was created in 1972 as an analytical arm of Congress. OTA's basic function is to help legislative policymakers anticipate and plan for the consequences of technological changes and to examine the many ways, expected and unexpected, in which technology affects people's lives. The assessment of technology calls for exploration of the physical, biological, economic, social, and political impacts that can result from applications of scientific knowledge. OTA provides Congress with independent and timely information about the potential effects, both beneficial and harmful, of technological applications.

Requests for studies are made by chairmen and ranking minority members of standing committees of the House of Representatives or Senate; by the Technology Assessment Board, the governing body of OTA; or by the Director of OTA in consultation with the Board.

The Technology Assessment Board is composed of six members of the House, six members of the Senate, and the OTA Director, who is a nonvoting member.

OTA has studies under way in seven program areas: energy, transportation, and infrastructure; industry, technology and employment; international security and space; telecommunications and computing technologies; education and human resources; environment; and health.